Zero-Day Hunters Offer $500K For iOS Bugs

...

Days after Apple launched its first bug bounty program, zero-day hunters Exodus Intelligence upped the ante.

Apple will pay hackers up to $200,000 to identify vulnerabilities in its products. Exodus, meanwhile, is offering up to $500,000.

Cybersecurity researchers are invited to participate in the new Research Sponsorship Program (RSP), which awards bounties for both zero-day flaws and exploits against patched (n-day) vulnerabilities. Currently, iOS 9.3+ flaws are going for a max of $500,000, while Google Chrome and Microsoft Edge bugs could earn you up to $150,000 or $125,000, respectively.

Found Firefox vulnerabilities can net you up to $80,000, Windows 10 up to $75,000, and Adobe Reader and Flash up to $60,000 each. The firm is also offering a bonus structure for zero-day vulnerabilities, which adds to the initial payment for every quarter the exploit remains alive.

"Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry," company president Logan Brown said in a statement.

Registered users can view zero-day and n-day hit lists on the new RSP website.

Apple did not immediately respond to a request for comment.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during last week's Black Hat event in Las Vegas. Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit. The program covers five issues, all on iOS or iCloud.

Historically, Apple shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 (or even $500,000) is a good payday, it's pennies compared to the upwards of $1 million third parties like Zerodium have paid security researchers to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.

Categories
GAMES
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Rounded ZenWatch 3 Strolls Through FCC Ahead of IFA

    The ZenWatch 3, likely to be unveiled at this year’s IFA in early September, has been unintentionally announced via a FCC filing.As you can see from the sketch above that was located in the filing, the ZenWatch 3 might come with a very different design than previous ZenWatch models, featuring a rounded display this year.
  • 5300c769af79e

    Google Home's Conversation Actions are Open for Developers to Make Magic Happen

    During Google’s unveiling of Google Home, the Pixel phones, and Google Assistant a couple of months ago, they showed off a preview of the future of Assistant on both devices.Today, Google has opened up one of those two pieces on Google Home, which could lead to the third party, conversational action magic you’ve been dreaming of.
  • 5300c769af79e

    Microsoft Launches Teams to Foil Office 365 Poachers

    It's trying to take that behemoth that's Microsoft and make it more responsive to the marketplace.The full gamut of Office tools is integrated into Teams, including Word, Excel, PowerPoint, SharePoint, OneNote, Planner, Power BI and Delve.
  • 5300c769af79e

    China Subjects Tech Imports to Heavy Security Scrutiny

    They might be used to block the import of products or to extract trade secrets in exchange for access to China's market.Tech knowledge so obtained might be passed on to Chinese companies competing with foreign ones, or expose vulnerabilities that could be exploited by hackers in China.