Great news for bug hunters, finally Apple announced that it will pay hackers that will find bugs in its products. Apple is the last IT giant to launch its bug bounty program. Major IT firm, including Facebook, Google, and Microsoft have already launched a similar initiative over last years to reward with a great success.
Apple has chosen the Black Hat 2016 security conference to announce the launch of the bug bounty program. The announcement was made by Ivan Krstić, head of security engineering and architecture at Apple that confirmed the invite to the hacking community to ethically report security vulnerabilities under the bug bounty program.
How much is a vulnerability in Apple product?
The awards are very interesting, bug hunters can earn up to $200,000 for a critical vulnerability affecting the secure boot firmware components, up to $100,000 for a flaw that could be exploit to extract sensitive data protected by the Secure Enclave, up to $50,000 for arbitrary code execution with kernel privileges and unauthorized access to iCloud account data, and up to $25,000 for access from a sandboxed process to user data outside the sandbox.
Apple’s bug bounty program will be launched in September, the IT giant will accept a submission only if it will include a working proof-of-concept (PoC).
But I appreciated also another opportunity that Apple will give to the hackers, if they will donate the reward to a charity, Apple could match the amount.
The bad news is that the bug bounty program will be open only to groups of researchers invited by Apple. The company intends to invite only a limited number of security experts who have previously ethically reported bugs to Apple, but the IT giant will slowly expand its bug bounty program.
In a first phase, the program will be focused on vulnerabilities in iOS and iCloud products.
The experts speculate that the decision of launching a bug bounty program is the response of the company to the battle with the FBI for the case of the San Bernardino shooter’s iPhone.
(Security Affairs – Apple bug bounty program, Hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.