For the first time in history, Apple has announced an official bug bounty program for hackers who can detect and report security flaws in the range of Apple products. While Apple has taken several years to launch such a program, tech giants such as Google have had ongoing bug bounty programs since 2010! According to TechCrunch, the head of Security Engineering and Architecture at Apple, Ivan Krstic, has announced that Apple will now offer up to $200,000 to anyone that can report flaws in the company’s security measures.
Announcement:
Ivan Krstic was talking about Apple’s security features at the Black Hat security conference when he mentioned the news of this bug bounty program. He further added that the company has now reached a point where its own testers and even hired security firms are facing difficulty in finding more bugs. Perhaps this is just a challenge for everyone to breach Apple’s immaculate security?
Guidelines:
The guidelines for the bug bounty program are very specific and limited to detecting only certain security vulnerabilities in Apple’s services. The highest level of the bounty (i.e. $200,000) is to be paid to anyone who finds a bug in the boot firmware components found on Apple devices. Other bounty rewards of up to $50,000 are for gaining (unauthorized) access to Apple’s services such as iCloud. However, Apple is currently offering the reward to selected researchers only. If anyone from outside this selected group is able to breach Apple’s security, though, the company is likely to reward them as well.
How to prove your claim:
To be eligible for the reward, a hacker has to provide a proof-of-concept report based on the latest version of iOS and Apple’s latest hardware. Apple will then decide the exact amount to be paid depending on how critical the reported bug is and how likely it is that a user will be exposed to the problem.