At the Black Hat conference, Apple announced that it is planning a bug bounty program that will offer hackers cash in exchange for revealing undisclosed vulnerabilities in its products. The program will launch in September and will pay out for working exploits on the latest version of iOS or the latest hardware from Apple.
The program will be invite-only initially, with a few dozen researchers onboard. However, Apple says that it can open the program to more researchers as it grows. In addition, anyone who provides Apple with a significant bug will be invited to the program. The company is going with an invite-only method to keep suspicious submissions away and to ensure trusted researchers get adequate support from it.
The payout for each bounty will depend on how critical and severe the vulnerability is, with bounties spread across five different categories. For vulnerabilities discovered in the secure boot firmware components, the company will pay as much as $200,000, while vulnerabilities that allow extraction of data from the Secure Enclave Processor have a payout of up to $100,000. Unauthorized access to an iCloud account and execution of arbitrary code with kernel privileges have a bounty of $50,000. Finally, accessing user data outside of a sandboxed process has a bounty of $25,000. Apple will also encourage researchers to donate their money to charity and will match their donations if they do.
This move from Apple can be seen as a way to improve its relationship with the hacker community and researchers who are interested in helping the Cupertino company increase its security.
[Via The Verge]