A report suggests governments are paying up to $500,000 for vulnerabilities affecting Apple's iOS operating system.
Apple has been lauded for its ability to keep malware out of the App Store, with one leading expert calling it the security innovation of the past decade.
Like Us on Facebook
However Apple's eco-system may not be as secure as it believes with a report in the New York Times claiming that a security vulnerability in its iOS operating system (which runs on iPhone and iPad) was sold for $500,000 (£332,000) to an unnamed buyer.
The claim comes from two anonymous sources speaking to the New York Times who said the security flaw was a so-called "zero-day" vulnerability.
Zero-day vulnerabilities are previously undiscovered flaws in systems which when exploited give users unfettered access to an individual PC or a computer network.
Thanks to the pervasive nature of the iPhone and its high levels of security, vulnerabilities in it are much more highly prized than those found in other software such as Android or Windows.
A flaw in iOS would potentially allow those exploiting it to monitor the activity of any iPhone user, which would be a hugely attractive proposition for those engaged in state-sponsored cyber-espionage.
The revelation comes at a time when governments around the world are being scrutinised for the level of spying they are carrying out on their own citizens in the wake of the National Security Agency (NSA) revelations by whistleblower Edward Snowden.
While it wasn't revealed who purchased the iOS flaw, the price tag suggests that it could only have been a government or law enforcement agency.
Companies like Google and Microsoft do pay security researchers who find vulnerabilities in their (and competitor's) code but none of them have ever paid anywhere near the $500,000 asking price for this iOS vulnerability.
The trade in software vulnerabilities has become big business in recent years. While it was once the case where researchers would hand over any flaws they discovered to the relevant company for free, they are now traded for hundreds of thousands of pounds with groups like the NSA in the US to the Revolutionary Guard of Iran.
While companies like the UK-based Gamma International remain tight-lipped about what they do, some companies trading in these zero-day vulnerabilities are beginning to speak more open about what they do.
Speaking to IBTimes UK last year, Eric Rabe from Hacking Team spoke openly about Da Vinci, the powerful spying tool his company sells to governments and law enforcement agencies around the world, which lets them spy on people in and outside of their own borders.
While Rabe says Hacking Team only deals with countries which are NATO-approved, there has been vocal criticism about the tools Hacking Team sells, with some claiming they have been used against activists leading to torture and in at least one case death.
Sep 13, 2013 04:23 amSamsung Galaxy S5 Likely to have 64 bit Processor
Sep 13, 2013 02:40 amMicrosoft Working on Halo Inspired Siri-Like Voice Assistant for Windows Phone