
Apple Bug Bounty Program Nets Hacker Team Nearly $300,000 in Just a Few Months



A group of hackers hit a gold mine while searching for vulnerabilities in Apple’s operating systems. According to a recent blog post, the team earned nearly $300,000 in bounties for the flaws they found in Apple’s ecosystem. The five-member team began work on 6 July this year and finished on 6 October.

For the past three months, Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes have been working together to find bugs in Apple’s operating systems. The team identified 55 vulnerabilities, ranging in severity from critical to low.

The team has so far received 32 payments totaling $288,500. This sum includes $34,000 for detecting a memory leak that contained customer data and $5,000 for a bug that could allow hackers to steal iCloud users’ names.

The team indicated that more bounty payments may follow, suggesting that they are likely to earn well over $300,000 for their efforts.

What is the Apple Bug Bounty program?

Last year, Apple launched a security bounty program that pays hackers and developers who discover flaws in the company’s operating systems. The list of eligible operating systems includes all of Apple’s latest publicly available versions of iOS, iPadOS, macOS, tvOS and watchOS.

Developers who find critical issues must report both the bug and the techniques used to exploit it to Apple. Apple must be able to reproduce the issue to confirm its existence. Researchers must also wait until Apple issues a security advisory before disclosing the bug publicly.

Apple pays for each bug, with more money for vulnerabilities that Apple is not aware of and that are found in selected developer and public beta versions.

Apple also pays extra for “regression” bugs, which were patched in earlier versions of the operating system but reappear unexpectedly after an update. Payments start at $2,500 for less critical issues and climb to a jaw-dropping $1,000,000 for significant vulnerabilities that allow hackers to execute kernel-level code without requiring any clicks from the user.

