Apple’s iOS has a reputation for being a secure platform. But a recent report suggests that it may be more vulnerable to attack than most people think.
In fact, the number of iOS-focused exploits and vulnerabilities appears to be at an all-time high, two brokers of zero-day exploits told Vice in a recent article.
Vice’s broker sources state that the number of available iPhone hacks on the market is higher than they’ve ever seen in the past.
For context, zero-day exploits target bugs or vulnerabilities that aren’t known to the companies that produce the hardware or software (in iOS’s case, they’re unknown to Apple).
These exploits are especially coveted by government agencies and law enforcement entities.
iOS Exploit Supply and Demand
As you might expect, zero-day exploits can fetch quite a high price on various marketplaces. But Vice reports that the prices for iOS zero-days are actually now quite a bit lower than similar Android zero-days.
Vulnerability broker Zerodium on Tuesday announced new pricing for zero-day exploits.
- The broker will pay $2.5 million for exploits that allow the complete takeover of an Android device.
- The same type of exploit for iOS is only going for $2 million.
It appears to be a matter of supply and demand. According to Zerodium founder Chaouki Bekrar, the zero-day market has been “flooded by iOS exploits,” which includes “mostly Safari and iMessage chains.”
That’s because many security researchers have increasingly focused on breaking into iOS full-time.
“They’ve absolutely destroyed iOS security and mitigations,” Bekrar notes. “There are so many iOS exploits that we’re starting to refuse some of them.”
On the other hand, another exploit broker, Crowdfense, notes that most of the iOS exploits currently on the market aren’t “intelligence-grade.”
One of the reasons why Android vulnerabilities are becoming pricier than similar iOS ones is how fragmented the ecosystem is. A universal exploit that works across all Android devices is almost “impossible to find.” A vulnerability discovered on iOS has a higher chance of working across various devices.
What This Means for You
Luckily, most of the exploits on the zero-day market are only going to be leveraged by entities with vast pools of resources — like intelligence agencies and law enforcement groups.
Apple also takes the security of its devices very seriously and works to patch any vulnerabilities as soon as it finds them.
Still, the number of zero-day exploits out in the wild is worrying. While you probably aren’t a target, there’s not much you can do to avoid zero-days besides basic cybersecurity practices, like updating your device’s software regularly.