Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

MacRumors.com Thursday, 8 August 2019

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

This article, "Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program" first appeared on MacRumors.com
