In the market for an iPhone? Here's a breakdown of all the currently shipping iPhones from Apple.
Apple Officially Launches Public Bug Bounty Program Covering All Apple Software
Apple today officially opened its bug bounty program to all security researchers, after the company announced the expansion plan at the Black Hat conference in Las Vegas earlier this year.
Prior to now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS, or iCloud will be eligible to receive a cash payout for disclosing the vulnerability to Apple.
Apple has also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.
Apple says it will add a 50 percent bonus on top of the standard payout for bugs found in beta software, which allows the company to nix the issue before the OS version goes public. It is also offering the same bonus for so-called "regression bugs" – these are bugs that Apple has patched in the past but which have been accidentally reintroduced in a later version of the software.
Apple has published more information on its website detailing the bug bounty program's rules, as well as a full breakdown of the rewards being offered to researchers based on the exploits they uncover.
When submitting reports, researchers must include a detailed description of the issue, an explanation of the state of the system when the exploit works, and enough information for Apple to reliably reproduce the issue.
Next year, Apple plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, or special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.
These iPhones are being provided as part of Apple's forthcoming iOS Security Research Device Program, which aims to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.
Prior to now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS, or iCloud will be eligible to receive a cash payout for disclosing the vulnerability to Apple.
Apple has also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.
Apple says it will add a 50 percent bonus on top of the standard payout for bugs found in beta software, which allows the company to nix the issue before the OS version goes public. It is also offering the same bonus for so-called "regression bugs" – these are bugs that Apple has patched in the past but which have been accidentally reintroduced in a later version of the software.
Apple has published more information on its website detailing the bug bounty program's rules, as well as a full breakdown of the rewards being offered to researchers based on the exploits they uncover.
When submitting reports, researchers must include a detailed description of the issue, an explanation of the state of the system when the exploit works, and enough information for Apple to reliably reproduce the issue.
Next year, Apple plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, or special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.
These iPhones are being provided as part of Apple's forthcoming iOS Security Research Device Program, which aims to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.
Tag: Apple security
[ 30 comments ]
Top Rated Comments
(View all)
5 weeks ago
Definitely incentivizes people to find vulnerabilities the legit way while also getting compensated
Huge increase of the maximum payout too! $200,000 to $1 million
I'm glad that Apple is finally doing this program...
Huge increase of the maximum payout too! $200,000 to $1 million
I'm glad that Apple is finally doing this program...
5 weeks ago
I got want all ready: Computer is buggy.
Reproductive steps: Install macOS Catalina.
Reproductive steps: Install macOS Catalina.
5 weeks ago
This is great news, sure it will cost a lot of money to run, but it will pay off in security and loyalty. It was always a mystery why only iOS devises were open for bounty. I suppose Apple wanted to finish Catalina first and prevent more exploits with stronger Catalina security features.
5 weeks ago
Yeah great idea. Let’s put a billion Mac and iOS users at risk to satisfy your ridiculous and uninformed notion that security risks only occur due to laziness and lack of testing.
5 weeks ago
Should have happened years ago. I expect a lot of people are going to earn very well from this.
5 weeks ago
Sounds like with this and the new pro machines that there is a big change in the management thought process.
5 weeks ago
Yeah great idea. Let’s put a billion Mac and iOS users at risk to satisfy your ridiculous and uninformed notion that security risks only occur due to laziness and lack of testing.
The unfortunate part is that where these bugs exist, you must assume they are being exploited by bad actors out there. Previously Apple has been unresponsive to some major exploits that people have reported on their good will.
It was just this summer we learned of several bugs being used to exploit iPhone targets after funneling them to a website and that had been going on for at least 2 years.
5 weeks ago
I am sure we are going to hear on the forum over and over how someone here sent in something and never received a response and apple then patched the issue without anyone knowing...
This is good for everyone and hope some of the bugs that the apple team does not know how to solve will get solved by others outside of their "payroll". Apple saves a lot of money when others not on their payroll, retirement, health insurance etc. finds something and apple just has to pay a flat fee for the fix. Good thinking apple.
This is good for everyone and hope some of the bugs that the apple team does not know how to solve will get solved by others outside of their "payroll". Apple saves a lot of money when others not on their payroll, retirement, health insurance etc. finds something and apple just has to pay a flat fee for the fix. Good thinking apple.
5 weeks ago
I got want all ready: Computer is buggy.
Reproductive steps: Install macOS Catalina.
No worries; to solve this problem, simply find a solution.
[ Read All Comments ]
The Powerbeats Pro have returned to their lowest-ever price of $199.95 on Amazon, down from $249.95. This sale is the same one we've been tracking for the Powerbeats Pro since last fall,...
Samsung is said to be working on its own answer to AirDrop, Apple's ad-hoc service that lets users transfer files among Macs and iOS devices over Wi-Fi and Bluetooth.
According to XDA...
Apple has leased the entirety of the so-called "Triangle Building" near Apple Park in San Jose, California, reports The Mercury News.
The prominent six-floor building is located at...
Since the launch of iOS 13 last fall, third-party access to users' background location data has reportedly declined by 68 percent, according to Location Sciences, a firm that analyzes location...
Apple this afternoon sent out emails advertising its latest Apple Pay promotion, which offers 10 percent off of a purchase from the StubHub app.
StubHub is an online ticketing company that lets...
Longtime Apple supplier Broadcom today announced that it has signed two multi-year deals with Apple that cover a "range of specified high-performance wireless components and modules" that...
Apple is developing a podcast for Apple TV+ show "Little America," show creator Lee Eisenberg revealed today in an interview with Forbes.
In the interview, Eisenberg says that the...
"Servant," an Apple TV+ thriller produced and directed by M. Night Shyamalan, uses food to evoke a visceral reaction from viewers.
In a new video shared on Apple's Apple TV YouTube...
