Apple to pay up to $1.5 million to those who can hack an iPhone or Mac
Apple has finally opened the doors of its security bounty program to all ethical hackers around the globe, and is willing to pay up to $1.5 million to those who can find the biggest security issues of the tech giant’s systems.
The issues hackers should find must be on the “latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration, and where relevant, on the latest publicly available hardware,” as per Apple’s statement regarding their security bounty program.
Before opening it to the public, the tech giant previously offered up to $1 million back in August to select security researchers if they are able to hack iPhones and Macs, and pinpoint their vulnerabilities, as per Forbes last Friday, Dec. 20.
Apple divided into categories the issues which should be reported on, with each issue having an equivalent maximum payout:
- Unauthorized access to iCloud account data on Apple Servers ($100,000)
- Device attack via physical access
- Lock screen bypass ($100,000)
- User data extraction ($250,000)
- Device attack via user-installed app
- Unauthorized access to sensitive data ($100,000)
- Kernel code execution ($150,000)
- CPU side channel attack ($250,000)
- Network attack with user interaction
- One-click unauthorized access to sensitive data ($150,000)
- One-click kernel code execution ($250,000)
- Network attack without user interaction
- Zero-click radio to kernel with physical proximity ($250,000)
- Zero-click unauthorized access to sensitive data ($500,000)
- Zero-click kernel code execution with persistence and kernel PAC bypass ($1,000,000)
The smallest maximum payout starts at $100,000 (over P5 million), which will be rewarded to those who can provide a report on the unauthorized access to iCloud account data on Apple servers.
The biggest maximum payout is $1 million (P50 million), which is for “a zero-click kernel code execution with persistence and kernel PAC bypass,” under its “Network attack without user interaction” category.
Apple is also willing to throw in an extra $500,000 (P25 million) if the issue reported is “unknown to Apple and are unique to designated developer betas and public betas.”
Apple however noted that hackers can still report security issues that are not specified on their listed categories and receive payment for them, as long as they are “with significant impact to users.” JB
Subscribe to INQUIRER PLUS to get access to The Philippine Daily Inquirer & other 70+ titles, share up to 5 gadgets, listen to the news, download as early as 4am & share articles on social media. Call 896 6000.