Exploit acquisition company Zerodium announced last week that it would no longer be buying certain types of iOS exploits for the next 2-3 months due to surplus. It also announced that prices for iOS exploit chains that require some user interaction and don’t provide persistence will likely drop in the near future.

Furthermore, Zerodium’s CEO and founder, Chaouki Bekrar, said “iOS security is fucked,” noting that they are already seeing many exploits designed to bypass pointer authentication codes (PAC) — PAC provides protection against memory attacks — and a few zero-day exploits that can help an attacker achieve persistence on all iPhones and iPads.