In the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program
Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.
Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.
With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.
Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.
As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.
(Thanks, SecuritySteve!)
Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.
With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.
Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.
As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.
(Thanks, SecuritySteve!)
[ 33 comments ]
Top Rated Comments
(View all)
25 weeks ago
This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.
There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".
No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".
Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
25 weeks ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
25 weeks ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
25 weeks ago
these rates look competitive compared to black market rates especially since the money is clean.
25 weeks ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
25 weeks ago
time to get PAID
Lol, you have a zero-click kernel code execution with persistence bug you found, that you’ve been sitting on???By all means, sir.... GET PAID!
25 weeks ago
Hackers are now called "researchers".
Depends on what color hat you wear.
25 weeks ago
This is great news. If it’s far more profitable for people to sell exploits on the black market, they might do that.
Unfortunately this is just a cost of doing business - and the more secure the system, the more valuable exploits are (since they are more rare).
Unfortunately this is just a cost of doing business - and the more secure the system, the more valuable exploits are (since they are more rare).
[ Read All Comments ]
Apple will be opening an online Apple Store in India to start official online sales of iPhones, iPads, Macs, and more in the country starting in the third quarter of 2020, reports TechCrunch.
...
During the question and answer section of today's earnings call for the first fiscal quarter of 2020, Apple CEO Tim Cook was asked when he felt that people would feel the first impact of AR on...
Apple's services category, which includes iTunes, the App Store, the Mac App Store, Apple Music, Apple Pay, AppleCare, Apple TV+, Apple Arcade, and more, has become a significant revenue driver...
In today's earnings release where Apple reported record numbers due to the strength of iPhone sales, wearables, and services, Apple said that it now has 1.5 billion active devices.
Apple CEO...
Alongside iOS and iPadOS 13.3.1, Apple has released new 13.3.1 software for the HomePod, introducing some minor bug fixes and performance improvements.
Today's update brings support for...
Apple today released macOS Catalina 10.15.3, the third update to the macOS Catalina operating system that was released in October. macOS Catalina 10.15.3 comes over a month after the release of macOS...
Apple today released watchOS 6.1.2, the fourth update to the watchOS 6 operating system designed to run on modern Apple Watch models. watchOS 6.1.2 comes more than a month after the release of...
Apple today released tvOS 13.3.1, a minor update to the tvOS 13 operating system that runs on the fourth and fifth-generation Apple TV models. tvOS 13.3.1 comes over a month after the release of tvOS...
