作者kyle5241 (Kyle Korver)
看板MobileComm
标题[讨论]iPhone漏洞价值比Android漏洞还不值钱
时间Wed Sep 4 13:11:36 2019
https://tinyurl.com/y67o48xk
Android exploits has overtaken iOS with leading exploit broker Zerodium for
the first time since it was founded. In fact, such is the “flood” of
exploits now targeting iOS, that the broker is turning some away.
Android 漏洞价值现在超越了iOS。因为iOS 漏洞太多了,过量的供给导致仲介
还拒绝了一些漏洞
A full-chain (0-click, no user intervention) Android exploit now tops the
payments menu at $2.5 million, while the same type of iOS attack software
pays just $1 million, down from $1.5 million. Zerodium explains that “the
amounts paid to researchers to acquire original zero-day exploits depend on
the popularity and security level of the affected software/system, as well as
the quality of the submitted exploit.”
完整的(不需要使用者操作的)Android漏洞现在值超过250万美元,而同样的攻击在iOS
上已经降到了100万美元(原本150万美元)
According to a Zerodium statement, “during the last few months, we have
observed an increase in the number of iOS exploits being developed and sold
by researchers from all around the world. The zero-day market is so flooded
by these iOS exploits that we've recently started refusing some them.”
在过去几个月,我们观察到大量的iOS侵入方式被开发了而且被世界各地的研究人员拍
卖。市场上充满着各式各样的iOS侵入法,所以我们甚至必须要拒绝一些漏洞。
And as with all other kinds of markets, pricing analysis uncovers significant
trends that are impacting the market in real-time. Despite the news flow of
the last week, this is a surprise as far as Apple is concerned with the
impression having landed with many of its users that it significantly safer
and more locked down that Android.
这对苹果来说是一种惊奇,因为苹果向来认为比Android 安全很多
心得:
当iOS漏洞没那麽值钱的时候大家就没兴趣找了啦~
--
※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 131.215.107.226 (美国)
※ 文章网址: https://webptt.com/cn.aspx?n=bbs/MobileComm/M.1567573899.A.3B2.html
1F:推 hms5232 : 楼下说唉凤最安全 09/04 13:14
2F:→ cress0128 : 唉凤不连网最安全 09/04 13:16
3F:嘘 wlyen503 : 爱疯最安全啊。 09/04 13:16
4F:→ kai08130623 : 什麽!? 09/04 13:24
5F:推 Dacamiya : 漏洞不值钱 但个资值钱ㄚ 09/04 13:24
6F:推 Askalaphos : 有洞必有漏 09/04 13:25
7F:推 quietcat : 那为什麽银行的app都说要装防毒啊?之前拿唉凤不会 09/04 13:34
8F:嘘 Asbtt : 自嗨。 09/04 13:35
9F:→ quietcat : 我爱我的大三星no10+我只是不懂没要为唉凤讲话哦 09/04 13:36
10F:推 larailing : 爱凤比较多人用照道理应该比较贵阿? 09/04 13:39
11F:推 tonyian : 全部都开放公开的确是很安全的啊,啊?你说你没开 09/04 13:41
12F:→ tonyian : 放,但是你的行为不是这样说的啊 09/04 13:41
13F:嘘 wlo3176844 : 楼下说ios是相对安全 09/04 13:43
14F:嘘 selvester : iOS的漏洞能够提供图库 充实影片就好了 09/04 14:13
15F:推 JerianGrant : #重新定义 漏洞 09/04 15:04
16F:推 hyghmax1202 : 回七楼,银行觉得安卓不安全所以希望你安装防毒软 09/04 16:32
17F:→ hyghmax1202 : 体,反之,银行决定苹果安全所以没有要你装防毒软 09/04 16:32
18F:→ hyghmax1202 : 体。 09/04 16:32
19F:→ hyghmax1202 : 靠北还是打错字了 亏我还检查一遍... 银行觉得 09/04 16:33
20F:推 ogisun : iphone使用者大多简单需求而已 手机也没有骇的价值 09/04 18:01
21F:推 ReDmango : 等了好久等不到某K回应 09/04 19:03
22F:推 sunskist0831: 某K只会推对安卓不利的新闻 苹果不利的就装没看到 09/04 21:30
23F:推 s14545 : 楼上现在才发现 除了可以嘴安卓跟护航苹果的文 其 09/04 22:18
24F:→ s14545 : 他文基本看不到他存在 09/04 22:18
25F:→ azuel : 如果iOS有防毒软体,台湾的银行也会叫你装的 09/04 23:48
26F:→ azuel : 会去寄望银行的IT水平是不是搞错了什麽 09/04 23:48
27F:嘘 kouta : 这不是来了吗 @ReDmango @sunskist0831 @s14545 09/05 02:42
28F:→ kouta : 不够危险的漏洞当然不值钱啊 09/05 02:43
29F:→ kouta : htc XD 09/05 03:07
30F:嘘 s14545 : 是因为太多才不值钱 而不是漏洞本身不严重 09/05 06:37
31F:推 xluds24805 : 差2.5倍差蛮多的呢 09/05 09:18
32F:推 TZephyr : 太会拗了吧 09/05 09:19
33F:推 Mrchungken : 苹果漏洞:没关系不危险啦 安卓漏洞:安卓真烂 果 09/05 09:24
34F:→ Mrchungken : 粉自助餐真好吃 09/05 09:24
35F:→ jasonpttt : 安卓漏洞:没关系不危险啦 苹果漏洞:苹果真烂 卓 09/05 10:04
36F:→ jasonpttt : 粉自助餐真好吃XD 09/05 10:04
37F:推 Mrchungken : 没人说安卓漏洞不危险啊 说苹果漏洞不危险的上面就 09/05 10:27
38F:→ Mrchungken : 一个啦 现在果粉战力都弱成这样 真惨 09/05 10:27
39F:推 sunskist0831: 内文写漏洞太多 自动超译成不危险 厉害了 09/05 10:28