Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.

Apple Ups the Reward for Finding Major Exploits to $2 Million

posted by jelizondo on Thursday October 23, @06:00PM   Printer-friendly
from the fire-up-your-vibe-coding-machines dept.

hubie writes:

With bonuses, maximum rewards can be as high as $5 million:

Since launching its bug bounty program nearly a decade ago, Apple has always touted notable maximum payouts—$200,000 in 2016 and $1 million in 2019. Now the company is upping the stakes again. At the Hexacon offensive security conference in Paris on Friday, Apple vice president of security engineering and architecture Ivan Krstić announced a new maximum payout of $2 million for a chain of software exploits that could be abused for spyware.

The move reflects how valuable exploitable vulnerabilities can be within Apple's highly protected mobile environment—and the lengths the company will go to to keep such discoveries from falling into the wrong hands. In addition to individual payouts, the company's bug bounty also includes a bonus structure, adding additional awards for exploits that can bypass its extra secure Lockdown Mode as well as those discovered while Apple software is still in its beta testing phase. Taken together, the maximum award for what would otherwise be a potentially catastrophic exploit chain will now be $5 million. The changes take effect next month.

"We are lining up to pay many millions of dollars here, and there's a reason," Krstić tells WIRED. "We want to make sure that for the hardest categories, the hardest problems, the things that most closely mirror the kinds of attacks that we see with mercenary spyware—that the researchers who have those skills and abilities and put in that effort and time can get a tremendous reward."

[...] In addition to higher potential rewards, Apple is also expanding the bug bounty's categories to include certain types of one-click "WebKit" browser infrastructure exploits as well as wireless proximity exploits carried out with any type of radio. And there is even a new offering known as "Target Flags" that puts the concept of capture the flag hacking competitions into real-world testing of Apple's software to help researchers demonstrate the capabilities of their exploits quickly and definitively.

Original Submission

 
This discussion was created by jelizondo (653) for logged-in users only, but now has been archived. No new comments can be posted.
Apple Ups the Reward for Finding Major Exploits to $2 Million | Log In/Create an Account | Top | 4 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1) by fen on Thursday October 23, @11:43PM

    by fen (54588) Subscriber Badge on Thursday October 23, @11:43PM (#1421959)

    In this case, the ego is bigger than the money itself. You'll also get some dumbfarts who just want to win the lottery.