Apple finally rewarding people for finding security flaws


Apple announced the launch of a bug bounty program, offering up to $200,000 for some discoveries.

Apple’s head of security engineering and architecture, Ivan Krstic, made the announcement at Black Hat. The bug bounty program will get underway in September.

It has taken Apple some time to embrace this type of initiative, in which researchers and hackers are rewarded for discovering and submitting security vulnerabilities. In fact, Apple was criticised during its battle with the FBI, when the latter was trying to break into an iPhone used by Syed Farook, one of the individuals involved in the San Bernardino shooting last December. It was believed that Apple's unwillingness to reward researchers for sharing information about vulnerabilities resulted in the FBI being able to find a third party to exploit a flaw.

Krstic told attendees at Black Hat, “Feedback that we’ve heard pretty consistently both from my team at Apple and also from researchers directly is that it’s getting increasingly more difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”

There will be five categories of risk and reward:

  • Vulnerabilities in secure boot firmware components: Up to $200,000
  • Vulnerabilities that allow extraction of confidential material from Secure Enclave: Up to $100,000
  • Execution of arbitrary or malicious code with kernel privileges: Up to $50,000
  • Access to iCloud account data on Apple servers: Up to $50,000
  • Access from a sandboxed process to user data outside the sandbox: Up to $25,000

Interestingly, Apple is hoping that researchers who receive a reward will do some good with it. Apple is encouraging them to donate their reward to charity, and if Apple approves of a researcher’s selected institution, it will match their donation.
