They may have purchased it from an exploit broker. | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		chelmzy on Sept 13, 2021 \| parent \| context \| favorite \| on: NSO Group iMessage Zero-Click Exploit Captured in ... They may have purchased it from an exploit broker.

badRNG on Sept 13, 2021 | [–]

Zerodium will pay up to $2,500,000 for no-click iPhone/Android exploits [1]. I'm sure they'd only pay that much if they were highly confident they have clients who'd pay enough to make the risk and investment worth it.

[1] https://zerodium.com/program.html

jbay808 on Sept 14, 2021 | [–]

Someone still had to discover it though!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact