Apple finally introduces bug bounty programme

Company will offer a maximum reward of $200,000 for flaws in its security

Bug bounty

Apple has finally announced the creation of a bug bounty programme, in order to let external researchers patch up any holes in its security. 

The company will pay security experts up to $200,000 (153,400) for flaws in its secure boot firmware, up to $100,000 for flaws exfiltrating confidential data from the secure enclave processor, and up to $50,000 for flaws executing arbitrary code with kernel privileges on iOS.

Additionally, Apple will offer a maximum of $25,000 to anyone that can get at user data within a sandboxed process, and a prize of up to $50,000 for anyone that can get into iCloud account information from its servers.

The news was announced at the annual Black Hat security conference by Ivan Krsti, Apple's head of security engineering and architecture. "We've had great help from researchers like you and the security mechanisms we build have gotten stronger," he said.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"The feedback that we've heard pretty consistently both from my red team and Apple and also directly is that it's getting more difficult to find some of the most critical types of security vulnerabilities."

The programme will be invitation-only at first, and will start off with a "few dozen" researchers. Krsti also added that if a researcher donates their bounty to charity, Apple will match the amount.

Bug bounty programmes, where companies pay hackers in exchange for telling them about any vulnerabilities they find in their software, are a staple of the security industry. Companies like Google, Microsoft, Uber, and even PornHub all use bug bounties as a way of encouraging hackers to discreetly report flaws rather than exploit them.

Despite being one the largest companies in the tech industry, Apple has waited longer than most of its competition to implement a bounty programme. The company has come in hard though, and its bounties are among the most generous offered by a major corporation.

Apple has not made public why it is finally opening up a bug bounty programme after so long, but it may have something to do with its spat with the US government earlier this year.

The FBI was attempting to force Apple to break its own encryption, but backed down after a third-party company did it for them. Apple consequently opened up its early iOS 10 code to developers, leaving it unencrypted, meaning developers could spot flaws and offer patches.

Featured Resources

How inkjet can transform your business

Get more out of your business by investing in the right printing technology

Download now

Journey to a modern workplace with Office 365: which tools and when?

A guide to how Office 365 builds a modern workplace

Download now

Modernise and transform your sales organisation

Learn how a modernised sales process can drive your business

Download now

Your guide to managing cloud transformation risk

Realise the benefits. Mitigate the risks

Download now
Advertisement

Recommended

Visit/malware/33080/hackers-abuse-linkedin-dms-to-plant-malware
malware

Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
Visit/security/malware/28083/the-five-best-free-malware-removal-tools
Security

Best free malware removal tools 2019

23 Dec 2019
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/security/34616/the-top-ten-password-cracking-techniques-used-by-hackers
Security

The top ten password-cracking techniques used by hackers

10 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020