A few days ago, a mainstream media channel asked the Damballa Threat Discovery Center our opinion about the newest and biggest cyber threats facing US business and law enforcement. We responded that the business of Zero Day exploits is on the rise.
Zerodium, a Zero-Day buy and sell market launched by Vupen, (a vulnerability and exploit broker) announced they would offer a $1 million dollar bounty for any iOS 9 exploit or jailbreak.
This follows their announcement last week about bounties they were in the market for, including mobile exploits, browsers, Flash and Microsoft Office.
While security forums don’t have much chatter about this topic yet, it’s all over Twitter. While there is no insight into a specific buyer, we can assume if an exploit for iOS 9 is found, Zerodium will sell it for way more than $1 million.
Finding an iOS 9 security breach would have severe repercussions for millions of iPhone users, which have traditionally been given a higher grade for security than Android because of their ‘walled garden’ approach to Apps. Any developer who wants to do business in the App Store has their code reviewed by Apple first.
The exploit business has been alive and well for a long time. No law enforcement authorities have gone after them yet, and if they did, it could get messy. Who is it to blame? The person who finds the exploit, the company who buys it or the people who use it?[su_box title=”About Damballa” style=”noise” box_color=”#336588″]
As a leader in automated breach defence, Damballa delivers advanced threat protection and containment for active threats that bypass all security prevention layers. Born for breach defence, Damballa rapidly discovers infections with certainty, pinpointing the compromised devices that represent the highest risk to a business, and enabling prioritized response and refocusing of security experts to the areas of greatest risk to an enterprise. Our patented solutions leverage Big Data from one-third of the worlds Internet traffic, combined with machine learning, to automatically discover and terminate criminal activity, stop data theft, minimize business disruption, and reduce the time to response and remediation. Damballa protects any device or OS including PCs, Macs, Unix, iOS, Android, and embedded systems. Damballa protects more than 400 million endpoints globally at enterprises in every major market and for the world’s largest ISP and telecommunications providers.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.