قالب وردپرس درنا توس
Home / Apple / Apple extends huge bounty program

Apple extends huge bounty program



After hearing rumors that Apple expanded the bug-bounty program earlier this week along with expectations of the company to begin releasing dev devices such as iPhones to security researchers, Apple at the Black Hat conference today confirmed a enormous expansion of its bounty program along with opening it to everyone.

Until now, Apple has restricted the bug bounty program to iOS and restricted those who can participate in it. One of the first major changes announced today by Apple's Chief of Security for Engineering Science and Architecture, Ivan Krstić is that the program opens to include all Apple platforms, even macOS and iCloud.

Moving forward, the expanded program will be open to all security researchers coming this fall, and Apple also shared a list of some of the new payouts that will go up to a million dollars. The original iOS bounty program paid out a $ 200,000 payout.

Amount to find bugs that allow bypass lock or unauthorized access to iCloud to pay $ 1

00,000. To detect vulnerabilities that could allow an attack via a user-installed app or network attack pay up to $ 250,000, while uncovering errors that will allow network attacks without user interaction pays up to $ 1 million. The top payout is reserved to detect a core code run with zero click with endurance. However, finding advance releases of errors can give researchers up to a 50% bonus.

Apple also detailed its new iOS Security Research Device program. It will be launched next year and will also be open to all, as long as applicants have a "track record of high quality system security research …"

This is what will put dev devices like special iPhones in the hands of researchers. Apple says it is a "unique, Apple-supported iOS security research platform" that has "ssh, a root shell and advanced troubleshooting features."

Top Image via mikeb

  OnlyBrush Smart Dental Travel Kit


Check out 9to5Mac on YouTube for more Apple news:


Source link