Hacker News
A Zero Day Broker’s Price List (wired.com)
42 points by pthreads on Nov 19, 2015 | hide | past | favorite | 12 comments



So finding a way to sneak an obfuscated bug into a library used by WebKit now yields 500k? Opens the door for a whole new class of 'open source monetization strategies'. Seems like it starts to make sense to pay people to infiltrate core dev groups of infrastructure libraries.


500k is for a remote jailbreak on iOS from the web browser, not just for code execution in the sandboxed browser. So a WebKit vulnerability alone will not be enough: you will need to chain multiple 0-days in order to escape the sandbox, and a kernel memory corruption vulnerability to "jailbreak it". Additionally, you will need a codesign vulnerability to run the untether exploit every time the device boots, because the jailbreak is not persistent otherwise.


> Seems like it starts to make sense to pay people to infiltrate core dev groups of infrastructure libraries.

The suspicion is that this has already happened but nobody has been able to prove it conclusively to date.


> For the harder target of Google Chrome, Zerodium’s price rises to $80,000

>> Rewards for qualifying bugs typically range from $500 to $50,000. https://www.google.com/about/appsecurity/chrome-rewards/inde...

Maybe the bug bounty is too low?


Yes let's give more incentive to be black hats.

Anyway, IT has still not proven a positive impact on the real world economy...

IT startups have been fed with cash for 20 years, and every benefit seems to be sunk into a fast-obsolescence sink.

In terms of engineering it is like comparing the F-16 now with the one from 40 years ago:

the new F-16 has a lot of electronic devices, BUT costs more to operate, loses in a dogfight vs. its former self and the older MiG/Sukhoi, it is 9 tons heavier, it costs way more to build...

Nowadays, IEDs cost peanuts, and Russia is frightening Europe with planes that should be in museums, loaded with nuclear missiles.

In economics as in war, costs matter. And at one point, for making financial transactions, the costs of security will matter. Given a point of distrust, people may revert back to old tech like faxes and unplugged networks and notice they are more competitive this way.


So they know about vulnerabilities in all those products and keep them private for profit?

Good thing the secret services have no access to those exploits. Fun times we live in.

Edit: /s was omitted as an exercise for the reader.


I could spot the sarcasm a mile off, but then I'm British.


I'm Irish, I laughed.


Was that sarcasm?

The article suggests that government organisations (presumably 'secret services') are some of their biggest clients.


> Good thing the secret services have no access to those exploits.

Who do you think buys them?


I think it was sarcasm :)

But the parent should really mark it. On the internet, it's easy to miss the sarcasm.


Also, I'm editorializing, but this was a fairly poor execution of sarcasm.



