If you are one of those geeks that fiddle with the various operating systems looking for bugs, you should take note of this.
Though most tech companies such as Google, Microsoft, and Facebook have bug bounty programs and have been paying for discovered bugs, Apple has remained a holdout. Well, this is going to change.
Beginning this fall, Apple says it will be starting a bug bounty program. It is starting small, but at least it is offering bounties for a small range of iDevice and iCloud bugs. This announcement was made by Apple’s head of security engineering and architecture, Ivan Krstić, at this year’s Black Hat conference.
The full list of bounties is shown below:
- Secure boot firmware components: Up to $200,000.
- Extraction of confidential material protected by the Secure Enclave: Up to $100,000.
- Execution of arbitrary code with kernel privileges: Up to $50,000.
- Unauthorized access to iCloud account data on Apple servers: Up to $50,000.
- Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
However, researchers will need to provide a proof-of-concept on the latest iOS and hardware to be eligible for a reward. Although each category of vulnerability maxes out at the given rate, Apple will determine the exact reward amount based on several factors: the clarity of the vulnerability report; the novelty of the problem and the likelihood of user exposure; and the degree of user interaction necessary to exploit the vulnerability.
The program launches in September 2016.
1 Comment
iCloud is a vital aspect of the Apple experience. When you get a new iPhone, iPad, Mac, or Apple TV, signing into iCloud is one of the first steps. iCloud is now a crucial part of managing documents, photos, and videos as well. iCloud isn’t perfect, though