Apple Finally Launches Bug Bounties

...

Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.

For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.

The biggest surprise, though, was Krstic's bug bounty announcement.

According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.

Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.

Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.

Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."

"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.

Apple did not immediately respond to PCMag's request for comment.

This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.
