Hack Apple & Get Paid up to $200,000 Bug Bounty Reward

So finally, Apple will pay you for your efforts of finding bugs in its products.

While major technology companies, including Microsoft, Facebook and Google, have launched bug bounty programs over the last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout.

But, not now.

On Thursday, Apple announced at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers who privately disclose security flaws in the company's products.

How much is a vulnerability in Apple software worth? Any Guesses?

It's up to $200,000.

Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software.

That is certainly a sizable bounty, one of the highest rewards offered in any corporate bug bounty program.

The Bug Bounty Program is Invite-Only, for Now

Well, for now, Apple is intentionally keeping the scope of its bug bounty program small by launching it as invitation-only: it will be open only to a limited set of security researchers who have previously made valuable bug disclosures to Apple.

The company will slowly expand the bug bounty program.

Launching in September, the program will offer bounties for a small range of iOS and iCloud flaws.

Here’s the full list of risk and reward:

  • Flaws in secure boot firmware components: Up to $200,000 (~£150,000).
  • Flaws that could allow extraction of confidential data protected by the Secure Enclave: Up to $100,000.
  • Vulnerabilities that allow execution of malicious or arbitrary code with kernel privileges: Up to $50,000.
  • Flaws that grant unauthorized access to iCloud account data on Apple servers (remember celebrity photo leak?): Up to $50,000.
  • Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.

To be eligible for a reward, researchers will need to provide a proof-of-concept (PoC) on the latest iOS and hardware. The reward amount will also depend on the clarity of the bug report, the novelty of the problem, the likelihood of user exposure, and the degree of user interaction necessary to exploit the flaw.

Decision Comes in the Wake of the FBI Scandal

Earlier this year, Apple fought a much-publicized battle with the FBI over a court order to access the locked San Bernardino shooter's iPhone.

When the FBI tried to compel Apple to unlock the shooter's iPhone, the company refused, eventually leading the bureau to hire professional hackers to break into the iPhone, supposedly paying out over $1 Million.

Perhaps the company is trying to eliminate these lucrative backdoors into its software to make its iOS devices so secure that even the company cannot crack them.

from The Hacker News http://ift.tt/2aCAs91
