Apple Arrives Late To Bug Bounty Arena, Offers Up To $200K For Serious Vulnerabilities


Even Apple's software isn't immune to security holes and vulnerabilities. An admission of such by Tim Cook and the gang comes in the form of a new bug bounty program Apple announced at the Black Hat conference today in Las Vegas, Nevada. The program kicks off in September and will offer cash rewards for certain exploits.

Apple's interested in vulnerabilities that affect iOS, its mobile operating system, as well as any that might be present on its latest hardware devices. This is the first time Apple's offered a public bug bounty program with cash rewards, and those who participate stand to earn up to $200,000 per vulnerability, the max payment amount.

The top award applies to vulnerabilities that wreak havoc with secure boot firmware components, which are sometimes used for jailbreaking software. After that, the next highest reward is $100,000 for extraction of confidential material protected by the Secure Enclave Processor, followed by $50,000 each for execution of arbitrary code with kernel privileges and hacking iCloud data. The lowest tier pays $25,000 for bugs that allow access from a sandboxed process to user data that exists outside the sandbox.

Bug bounty programs are popular in the technology industry. Many companies offer them, including Google, Facebook, and Microsoft. Now Apple joins the fray, albeit a little slowly—the bug bounty program will begin as an invite-only affair with just a few dozen security researchers being asked to participate. Apple said it will open the program up to more members as it grows, and if a researcher approaches Apple with a major vulnerability, he or she may be invited into the program as well.