Apple Finally Launches Bug Bounties

Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.

For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.

The biggest surprise, though, was Krstic's bug bounty announcement.

According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.

Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.

Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.

Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."

"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.

Apple did not immediately respond to PCMag's request for comment.

This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.
