Apple Bug Bounty Program Offers $200,000 To Find Vulnerabilities in iOS and iCloud

Must Read

LinkedIn Finally Rolls Out The Most Requested Feature By Users

Microsoft owned LinkedIn has recently been reported to have revamped its profile section with an amazing feature...

Facebook Without Mark Zuckerberg And Sheryl Sandberg?

Imagine Facebook without Mark Zuckerberg and Sheryl Sandberg, the current CEO and COO of the world's largest...

Google is Giving Microsoft a Taste of its Own Medicine

The latest version of the Microsoft Edge browser was launched about a month ago for Windows 10,...
Abhishekhttp://dazeinfo.com
A Mechanical Engineer, having fondness of numbers and analysis. I love to read between lines, discuss with the industry leaders and carefully craft my thoughts backed with data. I'am a hungry explorer whose plight never ends. Comfort zone never exists for me.

After much of delay and speculations, the long awaited Apple bug bounty program is here. At Black Hat conference, Apple Inc. (NASDAQ:AAPL) announced that the company is in the planning stage to launch its first-ever bug bounty program in September. It came as a surprise to many as most of the major announcements that are made by Apple always takes place at WWDC.

Reportedly, the Cupertino giant is slated to offer up to $200,000 for successfully pointing out bugs and security related issues in its devices. The company has agreed that its in-house researchers, testers, and contract security firms are having some major difficulties in identifying many bugs.

The Program would be launched on an invite-only basis. But in case a non-invitee comes up with an important security issue or a bug, he would be automatically invited to the program. A proof of concept would be required by Apple if one successfully points out a bug to be eligible for the reward. After that, Apple would look into the matter and accordingly determine the reward. The elements that would play a role in determining the reward include clarity of bug report, novelty, exposure limit and degree of interaction with the user.

Advertisements

Apple Bug Bounty Program

The risks that would determine the reward are:

  • Vulnerability in secure boot firmware components – up to $200,000
  • Bugs that would allow extraction of confidential material from Security Enclave – up to $100,000
  • Execution of arbitrary or malicious code with kernel privileges – up to $50,000
  • Predicting the Unauthorized access to iCloud account data on Apple Servers – up to $50,000
  • Access from a sandboxed process to user data outside the sandbox – up to $25,000

“We believe that these payment amounts ($200,000) are commensurate with the level of difficulty in attacking some of these systems.” announced by Ivan Krstic, Head of Security engineering and architecture at Apple at the Black Hat conference.

According to Securosis CEO, Rich Mogull, iOS security enthusiast, the relationship between Apple and its researchers have been on a rough patch from quite long. Therefore, the bug bounty program launched by Apple may be regarded as a wise move.

Major breaches haunted Apple in the past

In the past, Apple iCloud suffered major security breaches including the celebrity cloud photo hack. $200,000 appears quite minuscule when we compare the amount to what FBI paid (around $1 million) to the third-party hackers to unlock the iPhone of the shooter Syed Rizwan Farook, involved in San Bernardino attack in the last year.

Apple’s iOS and Mac are considered as the most secure OS in the world. On the contrary, the iOS that runs the iPhone sits at the number 2 position in the list of most vulnerable OS with 375 vulnerabilities according to a report. Ironically, the Android OS that is assumed to be most vulnerable OS in the world sits at the 20th spot on the list with 130 vulnerabilities.

Advertisements

Bug Bounty: A new venture?

Bug bounties have been a common phenomenon in Information Technology sector. But recently, automotive industries including Tesla Motors, General Motors, Uber, and Fiat Chrysler are also among the firms that have launched these kinds of programs. It surprises many as the futuristic vehicles rely heavily on Artificial intelligence and software that are prone to various vulnerabilities.

Earlier, Google shelled out a whopping $550,000 to 82 researchers who successfully pointed out the Vulnerabilities in Android platform. Since the launch of its Android Reward program, the Silicon Valley giant has awarded $1.5 million to the researchers who have reported vulnerabilities in its Google and Chrome Products.

Twitter also paid a considerable $322,420 in bounties in an attempt to make the social network vulnerability free over the span of two years. Despite, there have been a series of Twitter account hacks of famous celebrities recently.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Apple, TikTok Hiding Something That Could Be The Cause Of Concern?

Apple and TikTok have reportedly denied testifying at a congressional hearing in March concerning their ties and...

This E-Commerce Underdog Is Challenging Biggies Such As Amazon And Flipkart In India

The eCommerce market in India is flourishing like before. All thanks for exploded adoption of Internet and Smartphone. Amazon and Flipkart are...

Is Amazon Hand In Glove With Fraudulent Delivery Partners in India?

Amazon.com, Inc. (NASDAQ:AMZN) is a global tech behemoth largely driven by the growth of its eCommerce business. They have long boasted about...

Warren Buffett Acquires An iPhone, And It’s Huge Technological Upgrade For Him!

Yes, you read it right; Warren Buffett has acquired an iPhone, finally! One of the world's richest people on...

PayPal To Throw Their Hat In The Ring For UPI Payments Service In India

It was more than two years ago wherein Paypal, the global digital payments giant decided to launch its operations in India in...

Microsoft B2B Startup Program: $10 Million For 100 SaaS Based Startups In India!

A new first of its kind Microsoft B2B startup program to help SaaS-based startup is announced today. Microsoft Corporation...

In-Depth: Dprime

YouTube Should Have Bid Adieu To Dislike Button Much Earlier?

Online video sharing platform YouTube can be a ruthless place for content creators targeted by 'dislike mobs'. And the site owners totally understand that...

Facebook Has Pulled Off A Masterstroke By Integrating Its ‘Family Of Apps’?

It’s indeed hard to believe that ONE man sitting at Menlo Park, oversees how nearly a third of the world’s population interacts with each...

Facebook’s Crunch Conquest: By Relying Largely On The US Market, Is Facebook Running a Risk?

Two billion! That's Facebook, Inc. (NASDAQ: FB) for you - Right when you thought that this social-media giant has already connected the entire world, it's...

More Articles Like This