Earn up to $ 1 Million With Apple Expanded Bug Bounty

Posted on by

Apple products have a reputation for being fairly safe, but they’re not perfect . Now, if you are a great security researcher or white hat hacker and want to tackle other Apple devices and services besides iOS and iCloud, you can make a lot of money.

Ivan Krstic, Apple’s head of security and architecture, announced at this year’s Black Hat conference that Apple is expanding its bug bounty program to include all of its major platforms. Better yet, Apple is increasing its error payments.

Apple’s Bug Bounty Program is now rolling out to iOS, macOS, watchOS, tvOS, iPadOS, and iCloud, and all devices running those operating systems. The maximum payout for detecting a bug has been increased to $ 1 million, a big jump from the previous high of $ 200,000. Examples of valuable rewards for disclosing bugs include:

  • Lock Screen Bypass: $ 100,000
  • Extraction of user data: $ 250,000.
  • Unauthorized access to sensitive user data: $ 100,000.
  • Kernel Code Execution: $ 150,000
  • CPU Side Channel Attack on Valuable Data: $ 250,000
  • One-click unauthorized access to sensitive user data: $ 150,000.
  • Kernel code execution on click: $ 250,000
  • Zero-click radio communications with physical proximity attack to the core: $ 250,000.
  • No-click access to critical user data: $ 500,000.
  • Full-chain kernel persistence attack with no user interaction: $ 1,000,000.

In addition to these numbers, bug hunters can get a bonus of up to 50 percent for finding vulnerabilities in pre-build builds.

Why is Apple increasing payouts? In addition to encouraging more security researchers to study Apple products, it also makes it more profitable for those researchers to disclose their Apple vulnerabilities rather than selling them to groups of hackers who want to take advantage of the security flaws. (Hopefully.)

For those interested in Apple’s Bug Program, see the official Apple Security and Privacy Vulnerability Support page , which includes bug disclosure guidelines and more information about the bounty program in general.

More…

0
Uncategorized

Leave a Reply