Only a few days ago, news came from Pornhub that it had paid its bug bounty hunters $20,000, and now it is the turn of tech giant Apple. Apple has issued an open challenge to hackers: hack Apple software and get a $200,000 reward for it. Many companies follow this policy of paying the people who find their bugs, and Apple has now joined them by launching a program of its own.
Yesterday (04-08-2016), Apple announced the program at the Black Hat security conference. Security researchers must, however, disclose the flaw privately to the company. The announcement was made by the head of Apple's security team, Ivan Krstic, who said that the "company plans to offer $200,000 to researchers who report critical security vulnerabilities in certain Apple software". Judged by the prize money, this is one of the biggest amounts being paid by any company.
However, the program is not open to ordinary security researchers, because Apple is giving the chance only to researchers who have previously disclosed bugs in Apple software. Apple has limited the scope for now, but the company will slowly expand the program. The program is due to launch in September and will offer bounties for a small range of iOS and iCloud flaws.
Full list of risks and their respective rewards:
- Flaws in secure boot firmware components: Up to $200,000.
- Flaws which allow extraction of confidential data protected by the Secure Enclave: Up to $100,000.
- Execution of malicious or arbitrary code with kernel privileges: Up to $50,000.
- Unauthorized access to iCloud account data on Apple servers: Up to $50,000.
- Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
To fulfil the eligibility criteria, researchers must provide a proof of concept on the latest iOS and hardware, together with a clear bug report and the degree of user interaction necessary to exploit the flaw.
We all know that the FBI was successful in jailbreaking an iPhone without any help from Apple. Hence we could conclude that Apple has launched this program so that it may find these types of flaws in its software.