Zerodium is an exploit acquisition platform that pays researchers for zero-day security vulnerabilities and then sells them to customers such as government and law enforcement agencies. This week, however, Zerodium announced that it plans not to purchase such exploits for the next two to three months because too many iOS exploits have been submitted to it in a short time. Zerodium is known to focus on high-risk vulnerabilities, and typically pays $100,000 to $2 million for each fully functional iOS exploit.
Zerodium CEO Chaouki Bekrar said in a tweet that iOS's security posture is not as good as everyone thought, noting that there continue to be zero-day exploits affecting all iPhones and iPads. Of course, Bekrar still wants iOS 14 to improve.
In addition to third parties such as Zerodium, Apple has its own vulnerability bounty program. If a security vulnerability is found in iOS, iPadOS, macOS, tvOS, or watchOS, a reward of $50 million to $1 million is paid.