News

Security firm buys exploits for already known Android and iOS vulnerabilities

By admin
Spread the love

Security firm Zimperium has announced a program to purchase exploits for known Android and iOS vulnerabilities. Until now, companies only pay for zero days, which are not yet known to the software supplier. The company wants to learn how the exploits work.

Zimperium, the same company that discovered the Stagefright vulnerability in Android in 2015, writes that the value of a leak drops to almost zero, if this is known to the software vendor. The same goes for the associated exploits. The company doesn’t say how much such an exploit is worth on average, but says it wants to set aside $1.5 million to purchase it.

Furthermore, it claims that it has started the action to learn from the exploits and thereby improve its own systems. In addition, it wants to publish the exploits unless their creator objects to it. Publishing first takes place within the Zimperium Handset Alliance, which includes several smartphone manufacturers, such as Samsung and BlackBerry.

Zimperium wants to give them one to three months before it publishes the exploit. Among other things, the company is looking for exploits that can be used remotely or locally. It says it is not interested in buying zero days. Other companies do and offer high amounts, for example for a leak that makes a remote jailbreak possible. In that case, the purchase price can be up to 1.5 million dollars.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Nvidia releases GeForce RTX 4060 Ti variant with 16GB memory