Apple offers bug bounties for security researchers | Inquirer Technology

10:15 AM August 06, 2016

Apple opens up its security doors to get help from external security researchers to find vulnerabilities in their products. Image INQUIRER.net

One of the most secretive companies when it comes to security measures is Apple. But now the company is opening its security doors to hackers and researchers to help it find bugs and security vulnerabilities in its systems.

Apple’s head of security engineering and architecture, Ivan Krstic, made the announcement at Black Hat, saying Apple will offer up to $200,000 in bounties for finding vulnerabilities in its products, TechCrunch reported.

Krstic said the move is part of Apple’s ongoing work to help improve its security, adding that the in-house testers are increasingly finding it difficult to discover vulnerabilities and so it was time to start offering bounties to external researchers.

The bounty program is currently limited to researchers who have previously made relevant disclosures to the company. However, Apple will consider new researchers provided they offer useful disclosures. Eventually the company plans to expand the program to allow more researchers to participate.

Eligibility for the program requires a proof of concept on the latest iOS and hardware. Apple will then determine the exact amount based on the clarity of the vulnerability, the novelty of the problem, the likelihood of user exposure and the degree of user interaction necessary to exploit the vulnerability.

The rewards are as follows:
* Vulnerabilities in secure boot firmware components: Up to $200,000
* Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
* Executions of arbitrary or malicious code with kernel privileges: Up to $50,000
* Access to iCloud account data on Apple servers: Up to $50,000
* Access from a sandboxed process to user data outside the sandbox: Up to $25,000

But Apple’s not done. It also encourages researchers to donate their earnings to charity and will even double the donated amount if Apple approves of the selected institution.

Alfred Bayle

TOPICS: Apple, Black Hat, Bug Bounty, security researchers