Apple has increased the top reward in its bug bounty programme from $200,000 to $1 million.
The programme started three years ago, at Black Hat 2016, and offered hackers up to $200,000 for vulnerabilities found in the iPhone's software.
When the programme launched, there were five categories of risk, with rewards ranging from $25,000 to a maximum of $200,000.
Since then, around 50 serious bugs have been found and reported. Building on that success, Apple has expanded the programme and raised the top iPhone bounty to $1m.
This time the programme is also no longer restricted to invited researchers: Apple has opened it to all security researchers.
Anyone will be able to report security bugs and receive a monetary reward in return, with the amount varying with the impact of the vulnerability and the damage it could do to the device.
The iOS Security Research Developer Device
Much as with the Apple Card, the company keeps experimenting to give users a flawless experience. Similarly, alongside the open bug bounty programme, Apple will provide participants with special developer devices that let them dig further into iOS than is possible on a standard iPhone.
With these devices, hackers will be able to pause the processor and examine the contents of memory in greater depth. The handsets will ship with a root shell, SSH access and advanced debugging capabilities, making it easier for researchers to find bugs efficiently.
According to The Verge, “While these special iPhone dev devices will be more open to security researchers, they won’t have the deep level of access that internal Apple developers and the company’s security team have.”
More about Bounty
Individuals, security researchers and organisations hoping to claim the $1m reward will have to demonstrate that they can gain complete control of a phone without any interaction from the user.
If a researcher finds the vulnerability in pre-release builds, before a phone or a version of iOS is made available to the public, they will also be entitled to a 50 per cent bonus on top of the reward for the vulnerability itself.
At the Black Hat conference on 8 August, Apple also announced that it is expanding the programme to cover Apple TV, macOS, Apple Watch and iCloud. The programme will include rewards of up to $1m for a zero-click, full-chain kernel code execution attack.
As TechCrunch reported, “Earlier, security researchers refused to report security flaws they encountered on macOS to Apple due to no financial incentive attached to them”.
Ashish, Co-Founder and VP Mobile Architect at Appventurez. An expert programmer who is passionate and loves to explore emerging mobile technologies. As a leader, he is a perfect match as he is always there for the team to help and guide them to learn and implement smartly and effectively.
⚡️ by Appventurez