- Get link
- Other Apps
Apple has just updated the rules of the error rewards program by announcing some major changes at a news conference held at the annual Black Hat security conference yesterday.
One of the most attractive updates is ...
Apple has dramatically increased the maximum reward for the error rewards program from $ 200,000 to $ 1 million - by far the biggest reward offered by any major technology company for reporting weaknesses in its products.
Payments of $ 1 million will be rewarded for exploiting a severe killer - a vulnerability in one-click kernel code execution that allows full and continuous control of the device kernel. Less severe exploits are eligible for smaller payments.
What more?
From now, Apple's error rewards program includes all its operating systems, including macOS, watchOS, tvOS, iPadOS, and iCloud.
Security researchers and bounty hunters will be rewarded for detecting only vulnerabilities in the iOS mobile operating system.
Starting next year, Apple will also provide previously broken iPhones to a select group of trusted security researchers as part of the iOS Security Research Device Program. New software was first reported by Forbes.
Although anyone can apply to receive one of these special iPhones from Apple, the company will distribute only a limited number of these devices and only qualified researchers.
Not convincing enough? Bonus rewards are also waiting for you ...
In addition to the $ 1 million maximum bonus, Apple also offers a 50% bonus to researchers who find and report security vulnerabilities in the pre-release (beta) program before its public release - bringing the maximum bonus to $ 1.5 million.
You can apply for Apple's revised error rewards program later this year, which will be open to all researchers, rather than a limited number of Apple-certified security experts.
Security researchers and bonus hunters are likely to welcome the expansion and the huge push to pay Apple bugy bunty compensation, which publicly disclose the vulnerabilities they have found in Apple products or sell them to private vendors such as Zerodium, Cellebrite and Grayshift, who deal in zero-day exploits. Order profit.
Do you have something to say about this article? You can comment below or share it with us on Facebook, Twitter or LinkedIn Group.
Comments
Post a Comment