Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Zero-Day Acquisition Platform Triples iOS 10 Bug Bounty to $1.5 Million
Exploit acquisition platform Zerodium has increased its reward for a successful jailbreak of iOS 10 to $1.5 million, far surpassing Apple's recent payout offer for discovering and reporting vulnerabilities in its software.
Late last year, Zerodium briefly offered and paid out $1 million to one hacking team for the successful creation of a browser-based jailbreak for iOS 9.1 and 9.2, but dropped the going rate for an exploit to $500,000.
Rather than report the vulnerabilities to Apple, Zerodium said that it would sell the exploit to its customers, which include major technology, finance, and defense corporations, as well as government agencies.
Instead of being limited to a specific timeframe, the new $1.5 million reward is a permanent offer that aims to compensate for Apple's recently hardened security regime, said Zerodium founder Chaouki Bekrar.
Last month at the annual Black Hat Conference, Apple announced the launch of an invite-only Security Bounty Program that would offer rewards of up to $200,000 to researchers depending on the vulnerability discovered. Apple said the program would be limited to a few dozen researchers and would go live in September.
Earlier this week, several news media outlets were seemingly duped into reporting on an alleged 'secret' meeting of prominent hackers at Apple's Campus in Cupertino, which was supposed to include a briefing on the company's bug bounty program. The meeting was apparently a hoax perpetrated by the hackers themselves.
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
Late last year, Zerodium briefly offered and paid out $1 million to one hacking team for the successful creation of a browser-based jailbreak for iOS 9.1 and 9.2, but dropped the going rate for an exploit to $500,000.
Rather than report the vulnerabilities to Apple, Zerodium said that it would sell the exploit to its customers, which include major technology, finance, and defense corporations, as well as government agencies.
Instead of being limited to a specific timeframe, the new $1.5 million reward is a permanent offer that aims to compensate for Apple's recently hardened security regime, said Zerodium founder Chaouki Bekrar.
We've increased the price due to the increased security for both iOS 10 and Android 7, and we would like to attract more researchers all year long, not just during a specific bounty period as we did last time.At the same time, Zerodium's decision to up its bug bounty can be seen as a response to the imminent launch of Apple's own program.
Last month at the annual Black Hat Conference, Apple announced the launch of an invite-only Security Bounty Program that would offer rewards of up to $200,000 to researchers depending on the vulnerability discovered. Apple said the program would be limited to a few dozen researchers and would go live in September.
Earlier this week, several news media outlets were seemingly duped into reporting on an alleged 'secret' meeting of prominent hackers at Apple's Campus in Cupertino, which was supposed to include a briefing on the company's bug bounty program. The meeting was apparently a hoax perpetrated by the hackers themselves.
@qwertyoruiopz Forbes punk’d
— franz (@neozeed) September 28, 2016
Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
[ 108 comments ]
Top Rated Comments
(View all)
35 months ago
Why should not this be legal ?
If i sold a vulnerability of you home alrm system to someone would you like that?
35 months ago
If i sold a vulnerability of you home alrm system to someone would you like that?
Just because I don't like something doesn't automatically make it illegal.
35 months ago
You know, if Apple played their cards right, they could contract someone to work on their behalf and get $1.5Million of of Zerodium's money and directly benefit Apple. In fact, a truly conniving company could create a hidden 'vulnerability', sell it to Zerodium, fix the code right away and sink the potentially sabotaging company.
35 months ago
How is this even legal?
My thoughts exactly. This is a national security issue, not some business deal. We have the Patriot Act, but no legal requirement to report potential security vulnerabilities to the companies that make hardware and software?
Anybody who takes this 'bounty' should be held legally liable, along Zerodium, for any damages caused by a customer exploiting a bug...
35 months ago
"Rather than report the vulnerabilities to Apple, Zerodium said that it would sell the exploit to its customers, which include major technology, finance, and defense corporations, as well as government agencies."
Did anybody not see this part ?
Did anybody not see this part ?
35 months ago
Just because I don't like something doesn't automatically make it illegal.
All of this buying and selling of exploits amounts to a conspiracy to invade your property and your life.
There isn't a legitimate use for this information, which is why they all call themselves "researchers". Government has their own mechanisms. We absolutely should not farm out security to private contractors who are allowed to amass catalogues of undocumented exploits to important infrastructure. That would be totally ******* crazy.
35 months ago
Weaponized iOS exploit: $1.500.000
Weaponized Android exploit: $200.000
1500/200 = 7.5x sounds about right as a difference in security and value of the two platforms.
Weaponized Android exploit: $200.000
1500/200 = 7.5x sounds about right as a difference in security and value of the two platforms.
35 months ago
You mistakenly interpret this as a difference in security, where it could simply reflect a price difference in the equipment required to discover security flaws.
For all we know, iOS could have many more security flaws that Android has, but they're more expensive to find due to its closed-source aspect.
Apple has shown itself careless and cavalier with security flaws both on OSX and iOS, and coasts on its "security through obscurity" belief, which is hardly any security at all.
security through obscurity... what obscurity? iOS has a BILLION devices in use.
Zerodium's CEO words can't be more clear, let's requote them: "That means that iOS 10 chain exploits are either 7.5 x harder than Android or the demand for iOS exploits is 7.5 x higher. The reality is a mix of both"
[ Read All Comments ]
In iOS 13, Apple has extended the system's built-in screenshot feature to include the ability to save a full web page as a multi-page PDF.
Don't expect this option to appear when...
For this week's giveaway, we've teamed up with Twelve South to offer MacRumors readers a chance to win a prize pack that includes a BookBook vol. 2 for iPad Pro, an AirFly, and a set of...
O2 has became the latest network carrier in the United Kingdom to offer the cellular version of the Apple Watch Series 4. iPhone users can now order the LTE-enabled smartwatch through the O2 website,...
Unsolicited phone calls can become a regular annoyance and even a cause of stress for many smartphone users these days. Thankfully, Apple provides a feature in iOS 13 that can automatically silence...
The Iconfactory today announced it has released a significant update to its popular third-party Twitter client Twitterrific for iPhone and iPad. The latest version of the app contains over 50 new...
Apple yesterday released a new update for Safari Technology Preview, the experimental browser Apple first introduced three years ago in March 2016. Apple designed the Safari Technology Preview to...
Amazon and B&H Photo are discounting the latest versions of Apple's iPad Air this week, with each configuration of the tablet receiving a new all-time-low price tag. Amazon offers the largest...
Spotify today announced a new version of the "Your Library" tab in its mobile apps for iOS and Android, which is "designed to get you to the content you want faster." This update is...
