Apple announces bug bounty program of $200,000 for anyone who reports flaws

Over the past few years, the majority of tech companies have introduced bug bounty programs. The idea is to encourage hackers to discover vulnerabilities and report them in exchange for cash rewards. Apple has finally taken a leaf out of that book and announced its official bug bounty program.

Technology giant Apple is offering up to $200,000 to anyone who can breach its security. The announcement will definitely create a buzz and excitement among hackers to detect and report security flaws in Apple products.

Official announcement

Apple’s head of security engineering and architecture, Ivan Krstic, stated while making an announcement to Black Hat attendees:

“Apple will begin offering cash bounties of up to $200,000 to researchers who discover vulnerabilities in its products”

Ivan Krstic is a Croatian computer security expert who is currently working on core security at Apple. He discussed the bug bounty program while talking about Apple’s security features at the Black Hat security conference.

Moreover, he added that the company’s own testers and hired security agencies are finding it difficult to discover any bugs. It speaks volumes about Apple’s impeccable security, and as a result the company has challenged everyone to breach it.

Certain guidelines

The guidelines set by Apple are very specific, and the bug bounty program has its limitations. A person will be compensated if he discovers certain security vulnerabilities in Apple’s services. The highest bounty, $200,000, will be given to anyone who detects a bug in the boot firmware components found on Apple devices.

Additionally, anyone who gains unauthorized access to Apple’s cloud service will be given a cash reward of $50,000. The technology giant is currently offering these rewards to selected researchers only. However, the company is likely to pay anyone from outside the specified group if they breach its security. The program launches in September with 5 categories of risk and reward (2 explained above):

1- Vulnerabilities that allow extraction of confidential material from the Secure Enclave: up to $100,000
2- Execution of arbitrary or malicious code with kernel privileges: up to $50,000
3- Access from a sandboxed process to user data outside the sandbox: up to $25,000

A hacker will be eligible for the reward if he provides a proof-of-concept report. It should be based on the latest iOS and hardware. The company will then decide the precise amount to be paid depending on how critical the reported bug is.

Apple will also weigh several factors, for instance the clarity of the vulnerability report, the novelty of the problem and the likelihood of user exposure, and the degree of user interaction necessary to exploit the vulnerability.

Source: Techcrunch.com
