Apple offering Rs. 7 crore to detect flaws in iPhone
Apple has long run a bug bounty program under which independent researchers can flag critical issues in iOS and bag a reward in return. The effort has largely proved handy in detecting and handling major bugs, and now the Cupertino giant is expanding it to other products in its portfolio. Plus, it is offering a much bigger payout. Details follow.
Apple's bug bounty program was restricted only to iOS
For years, ethical white hat hackers have been raising concerns over the scope of Apple's bug bounty program. They said the program covered only iOS, which left a void: incentive-hungry security researchers could instead sell vulnerabilities discovered in other Apple platforms to exploit brokers on the dark web. This, the hackers emphasized, increased the risk of potential attacks from bad actors.
Now, Apple has responded on the matter
At the Black Hat security conference in Las Vegas, Ivan Krstić, Apple's head of security engineering, announced that the company is addressing bug bounty-associated concerns by expanding the program. He said that, along with the iOS program, the company will now run a new bug bounty program allowing security researchers to discover and report issues in macOS, tvOS, watchOS and iCloud in exchange for cash rewards.
Max payout increased to up to $1 million
Along with the program expansion, Apple also increased the maximum cash payout that security researchers flagging bugs would receive from the company. Specifically, the promised bug bounty amount has been increased from up to $200,000 to $1 million. So, if you manage to flag a high-risk vulnerability in Apple's products, be it an iPhone or MacBook, the company could pay you up to Rs. 7 crore.
Additional 50% bonus for pre-release builds
Apple has also said that it would pay an additional 50% bonus, or $500,000, to those who discover critical bugs in pre-release builds and report them to the company before the general release of the software.
Plus, special iPhones will be given to security researchers
Notably, Apple has also confirmed that it will give away certain 'dev' iPhones to a handful of vetted and trusted security researchers. These devices, given away as part of the company's iOS Security Research Device Program, will give programmers a higher degree of access to iPhones' underlying software for the detection of hard-to-find vulnerabilities. This will further boost the security of iPhones.