The Hacker News Logo
Subscribe to Newsletter

Hack Apple & Get Paid up to $200,000 Bug Bounty Reward

apple-bug-bounty-program
So finally, Apple will pay you for your efforts of finding bugs in its products.

While major technology companies, including Microsoft, Facebook and Google, have launched bug bounty programs over last few years to reward researchers and hackers who report vulnerabilities in their products, Apple remained a holdout.

But, not now.

On Thursday, Apple announced at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers privately disclose security flaws in the company's products.

How much is a vulnerability in Apple software worth? Any Guesses?

It's up to $200,000.

Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software.

While that's certainly a sizable bounty reward — one of the highest rewards offered in corporate bug bounty programs.

Apple Bug Bounty Program — Invite Only, For Now


Well, for now, Apple is intentionally keeping the scope of its bug bounty program small by launching the program as invitation-only that will be open only to limited security researchers who have previously made valuable bug disclosures to Apple.

The company will slowly expand the bug bounty program.

Launching in September, the program will offer bounties for a small range of iOS and iCloud flaws.

Here's the full list of risk and reward:

  • Flaws in secure boot firmware components: Up to $200,000.
  • Flaws that could allow extraction of confidential data protected by the Secure Enclave: Up to $100,000.
  • Vulnerabilities that allow executions of malicious or arbitrary code with kernel privileges: Up to $50,000.
  • Flaws that grant unauthorized access to iCloud account data on Apple servers (remember celebrity photo leak?): Up to $50,000.
  • Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
For the eligibility of a reward, researchers will need to provide a proof-of-concept (POC) on the latest iOS and hardware with the clarity of the bug report, the novelty of the bounty problem and the possibility of user exposure, and the degree of user interaction necessary to exploit the flaw.

Decision Comes in the Wake of the FBI Scandal


Earlier this year, Apple fought a much-publicized battle with the FBI over a court order to access the locked San Bernardino shooter's iPhone.

When the FBI forced Apple to unlock the shooter's iPhone, it refused, eventually making the bureau hire professional hackers to break into the iPhone -- supposedly paying out over $1 Million.

Perhaps the company is trying to eliminate these lucrative backdoors into its software to make its iOS devices so secure that even the company can not crack them.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.