Many Safari and iMessage vulnerabilities have been discovered for iOS, iPhone and iPad, and they are being put up for sale by a variety of cyber security researchers. The information comes from Zerodium, a company that collects exploits of this kind and sells them to anyone who needs them.
The company has reduced the price of vulnerabilities for iOS from 2.5 million dollars to only 2, but here we are talking about those that allow complete control of an iPhone, iPad, etc. Vulnerabilities that allow the exploitation of iOS with a single click are now worth 1 million dollars instead of 1.5 million, the differences being large.
The explanation for the price reductions is based on the fact that the vulnerability "market" for iOS was "flooded" by many exploits, mainly for Safari and iMessage. Zerodium says that many researchers have changed their priorities, and are now looking exclusively for iOS vulnerabilities, ignoring Android.
“The zero-day market is flooded with iOS exploits, mostly Safari and iMessage chains, mainly due to many security researchers who have turned their attention to exploiting iOS full time. They absolutely destroyed iOS security and mitigation. There are so many iOS exploits that we're starting to turn down some of them. "
The vulnerabilities bought by these companies are zero-day ones, that is, unknown to Apple, but which offer total control over iDevices. Those at Apple find out about their existence only after they are used to exploit iDevices, and solve them with difficulty, and that is why they are so expensive.
