265 points todsacerdoti | 2 comments
weinzierl ◴[] No.44083979[source]
I've heard Apple pays a million for Jailbreaks now. That's the lower bound for the price on the free market.
replies(3): >>44084509 #>>44084598 #>>44084746 #
lern_too_spel ◴[] No.44084746[source]
That's the market rate. https://cyberscoop.com/zerodium-android-zero-days-bounty/
replies(1): >>44084796 #
1. andrepd ◴[] No.44084796[source]
Well TIL that there are zero-day market makers...
replies(1): >>44084968 #
2. tptacek ◴[] No.44084968[source]
Bear in mind: different buyers and different price structures. You can get more selling a vulnerability to CNE shops (say: every intelligence organization in Germany), but you'll be accepting more risk --- the payments are effectively tranched (or, equivalently, back-loaded on "maintenance" fees), and if the vulnerability dies you're S.O.L. Apple also won't make you build all the reliable exploitation enablement tooling a CNE buyer will. So: they pay less.