قالب وردپرس درنا توس
Home / Apple / Apple adds Macs, watches and Apple TVs to $ 1 million bug bounty program

Apple adds Macs, watches and Apple TVs to $ 1 million bug bounty program



About three years ago, Apple began to pay security researchers for unknown vulnerabilities in iOS, and today it responds to many requests by adding macOS, watchOS and tvOS devices to the list. In addition, the company now offers a maximum reward of $ 1 million for the most serious security issues, giving researchers even more incentive to report rather than hear their findings.

The news went public today at the annual Black Hat Security Conference in Las Vegas (via TechCrunch), where leading Apple security developer Ivan Krstić revealed key updates to the bug promotion program. Apple will now pay $ 1 million for a seriously serious exploitation ̵

1; a zero-click attack that allows complete, persistent control of an iPhone core with nothing but knowledge of the device's phone number – up from a peak of $ 200,000 before. Less serious exploits will qualify for smaller amounts.

For the company, the risk of low payouts has been that security researchers will instead hand their findings to private organizations, such as Grayshift and Cellebrite, which will later leverage Apple's devices for profit. To further stimulate proactive reporting, Apple is also offering a 50% bonus to researchers who report pre-release vulnerabilities, and next year will provide select "controlled and reliable" researchers pre-loaded iPhones that may have vulnerabilities at the secure shell level.

Above: A list of new security researcher rewards for Apple's extended bug bounty program.

Apple TV, Apple Watch and Mac users will also benefit from the bug reporting software, which was previously largely focused on Apple's iPhones and iPads. In February, German security researcher Linus Henze criticized the company for not offering Mac bug amounts, and publicly disclosed a large Mac password protection that would otherwise be private. The Google Project Zero team has also weighed in on the issue, noting that Apple has left major Mac vulnerabilities that haven't been fixed for months at a time, compromising user security in the process.

Just this year, the company has twice restricted FaceTime access over iPhone and Apple Watch vulnerabilities that could seriously compromise users' privacy, allowing callers to listen to their missed devices. Researchers have also uncovered security issues in Macs & # 39; Intel chips and macOS & # 39; app whitelisting system, which can lead to widespread use of Apple computers.


Source link