Zero-Day Hunters Offer $500K For iOS Bugs

...

Days after Apple launched its first bug bounty program, zero-day hunters Exodus Intelligence upped the ante.

Apple will pay hackers up to $200,000 to identify vulnerabilities in its products. Exodus, meanwhile, is offering up to $500,000.

Cybersecurity researchers are invited to participate in the new Research Sponsorship Program (RSP), which awards bounties for both zero-day flaws and exploits against patched (n-day) vulnerabilities. Currently, iOS 9.3+ flaws are going for a max of $500,000, while Google Chrome and Microsoft Edge bugs could earn you up to $150,000 or $125,000, respectively.

Found Firefox vulnerabilities can net you up to $80,000, Windows 10 up to $75,000, and Adobe Reader and Flash up to $60,000 each. The firm is also offering a bonus structure for zero-day vulnerabilities, which adds to the initial payment for every quarter the exploit remains alive.

"Through the launch of the RSP, Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry," company president Logan Brown said in a statement.

Registered users can view zero-day and n-day hit lists on the new RSP website.

Apple did not immediately respond to a request for comment.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during last week's Black Hat event in Las Vegas. Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit. The program covers five issues, all on iOS or iCloud.

Historically, Apple shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 (or even $500,000) is a good payday, it's pennies compared to the upwards of $1 million third parties like Zerodium have paid security researchers to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.

Categories
GAMES
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    And Here is the Galaxy Note 7 in Three Fun Colors

    Moments after the long, 3-day weekend kicked off here (that’s code for: we peaced out and never looked back), we welcomed in a first set of press images of the upcoming Samsung Galaxy Note 7.We have front and back cameras, along with what appears to be an additional front camera (or two?
  • 5300c769af79e

    HTC Confirms Android N Update for One A9, M9, and 10

    No shock here, HTC confirmed on Twitter today that Android N will be made available to owners of the One A9, One M9, and HTC 10.According to HTC, delivery date of the Android N update will depend on when Google actually delivers Android N to manufacturers, and of course, carriers go through their testing/certification phase.
  • 5300c769af79e

    Here is the Google Home Super Bowl Commercial

    Yesterday’s Super Bowl LI was one for the ages, especially those last few minutes.It was everything a football fan can hope for, as long as you aren’t the ultimate Patriots hater.
  • 5300c769af79e

    President Donald Trump Still Uses an "Old, Unsecured Android Phone"

    According to the New York Times, President Donald Trump still uses an “old, unsecured Android phone” regularly.While we don’t necessarily have on-the-record proof of this happening, we do know that all of the Tweets you’ve seen from him since being sworn into office all appear to have come from the official Android Twitter app, hence the “Twitter for Android” we see attached to those pictured below.