Rewards of up to $200,000 for those who report serious vulnerabilities to Apple. But the program will initially be by invitation only and limited to a few dozen security researchers.
Albeit belatedly, Apple too is preparing to launch a new “bug hunt” program that will offer cash rewards in exchange for previously unidentified vulnerabilities in its products.
Apple will offer up to $200,000 for a bug: the official announcement
Apple's decision was announced by Ivan Krstic, the company's software security chief, during the Black Hat conference, which opened its doors on July 30 in Las Vegas and ended on August 4.
The program will start in September and will offer a variety of rewards for vulnerabilities present in the latest version of iOS or in the latest generation of hardware. This is the first initiative of its kind organized by Apple, in a landscape where vulnerability reward programs have become quite common and popular as a way to encourage responsible disclosure once a vulnerability is identified.
$200 thousand, $100 thousand, $50 thousand or $25 thousand: the choice is yours
Perhaps to make up for the delay, the reward has a very high ceiling: up to $200 thousand for those who discover the most serious problems in the secure boot firmware components, the devices' first line of defense.
In addition to the maximum reward of $200 thousand, Apple will pay up to $100 thousand to those who find vulnerabilities that allow the extraction of confidential material protected by the Secure Enclave Processor. The company will pay up to $50 thousand for vulnerabilities that allow the execution of arbitrary code with kernel privileges, and the same for those who find a way to access iCloud account data. Finally, Apple will reward with up to $25 thousand those who discover vulnerabilities that allow a sandboxed process to access user data outside that sandbox.
The new program will initially be by invitation only, which is rather unusual for this kind of initiative, and will involve a few dozen researchers. Apple has, however, already made it known that the program will gradually open up as it grows, and that if a non-member contacts Apple about a significant bug, that person will be brought into the program. Apple chose the invitation-only approach as a preventive filter for reports and to ensure adequate support for trusted researchers.
There will be five categories of bugs. As noted, Apple will offer a reward of up to $200,000 for vulnerabilities that compromise the secure boot firmware components, which could potentially undermine Apple's hardware protections and which are usually exploited to create jailbreak techniques and tools.