Exploit broker Zerodium has implemented a $2.5 million price tag for a zero-click 0-day in Android.
An Android zero-day exploit is now worth more than one for the iPhone on the global cyberweapons market.
Exploit acquisition vendor Zerodium said Tuesday that it is willing to pay a whopping $2.5 million for a zero-click Android zero-day with persistence. That number significantly increases the company’s previous payout ceiling of $2 million (for remote iOS jailbreaks).
Android outstripping iPhone in zero-day value is a new turn of events; iPhone exploits have until now commanded top pay-outs from gray-market exploit brokers like Zerodium because they were rare. But as further evidence of iPhone’s waning value (and possibly a glut of exploitable bugs in the platform), Zerodium also decreased payouts for another Apple flaw: Apple iOS one-click zero-days with persistence are now worth $1 million (previously worth $1.5 million).