Apple Finally Launches Bug Bounties

Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.

For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.

The biggest surprise, though, was Krstic's bug bounty announcement.

According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.

Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.

Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.

Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."

"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.

Apple did not immediately respond to PCMag's request for comment.

This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.
