The iPhone 6S attack saw Tencent-owned Keen Lab chain two iOS vulnerabilities to steal pictures from the Apple device. They were awarded $52,500 for that hack. They also managed to install a rogue application on the iPhone 6S, but the app wouldn’t survive a reboot thanks to a default configuration setting that prevented persistence. Despite that, ZDI bought the bugs used in the hack for $60,000.

As for the Nexus 6P, the Keen collective managed to install a malicious app on the Google device, repeating the attack three times to receive a whopping $102,500. Again, Keen combined two different bugs, alongside other unspecified weaknesses in Android.

Talking about Keen’s research, ZDI chief Brian Gorenc said: “These are critical in nature as they allow an attacker to disclose sensitive information or install a malicious application. We’ve seen similar exploits recently used in the wild.