Apple expands bug bounty to macOS, raises bug rewards

Ceria Alfonso
August 13, 2019

The so-called iOS Security Research Device Program will get underway next year, and while anyone can apply to receive one of the special iPhone units, Apple says that only a limited number will be handed out.

Krstić confirmed the iOS Security Research Device Program would be by application exclusively.

As announced by Ivan Krstić, the head of security engineering and architecture at Apple, anyone who manages to hack Apple devices and services and shares the vulnerability with the company is eligible for a maximum reward of $1 million.

At the same conference, software giant Microsoft also announced its Azure Security Lab, meant to give experts a sandbox-like safe environment in which to better test its cloud security services.

Rival Google started its own bug bounty scheme way back in 2010, while several other major technology companies also offer financial rewards. Previously focused only on iOS, Apple's program is now also open to macOS, tvOS, and watchOS. Further, while Apple's iPhone and iPad were arguably the most targeted devices, the company's choice to limit the program to iOS proved similarly unpopular with many security researchers, and left all of Apple's other platforms considerably more vulnerable.

Apple also extends the bounties to everyone, invited or not. The company also added a $500,000 reward tier for security shortcomings that allow hackers to access user data and a 50 percent bonus on all rewards for vulnerabilities detected in beta versions of the software. The handsets will come with ssh, a root shell, and advanced debug capabilities, all designed to make it easier for security researchers to spot bugs.

While the iPhones made available to hackers in search of their fortune are not identical to those you purchase in the store, they offer enough room in Apple's famously closed electronic ecosystem to allow for useful probes by cybersecurity geniuses.

As Maor Shwartz told Forbes, a single exploit (a program that uses vulnerabilities, generally to take control of a computer or phone) will fetch as much as $1.5 million.

iFixit found that Apple has activated a piece of software in its phones that kills a diagnostic feature related to its battery.

Another novelty for hackers looking for bugs in iOS is a platform specifically conceived for research purposes. Apple's previous highest bounty was $200,000 for friendly reports of bugs that can then be fixed with software updates and not leave them exposed to criminals or spies.
