Heads up! Apple has finally officially announced its long-awaited bug bounty program, which will pay up to $200k to security researchers who find critical vulnerabilities in its software. This is the best decision so far to protect the privacy of its users.
With more and more private data flowing into their systems, big companies have problems with their security. So for the last few years they've been looking to launch bug bounty programs to receive and accept vulnerability reports from security researchers, who help them tighten their security and receive bounties in return. Even companies that haven't been so good at running technical bug bounty programs have outsourced their security to third parties.
But Apple held out and refused to pay any bounties to those who found critical vulnerabilities in its systems, which was really frustrating. Now it has shown up with a desire to take this on at high stakes, with cash bounties of up to $200k.
In fact, Apple had some trouble with the government in the San Bernardino case, in which the FBI reportedly paid around $1 million for the exploit it used to break into the iPhone. Apple's reasoning was that governments, law enforcement and black markets pay huge bounties to security researchers, and perhaps that's why Apple wasn't interested in bidding at all. But undoubtedly, a $200k reward is no joke; it is a fantastic and sizable reward for a corporate bug bounty program. It needed thinking about, and Apple did think about it, because it even faced massive criticism over tackling its security properly. They're on it now!
Apple has divided its bug bounty program into 5 categories:
- Vulnerabilities found in secure boot firmware components: the reward will be $200k cash.
- Vulnerabilities that allow extraction of confidential material from the Secure Enclave: the reward will be $100k.
- Code execution with kernel privileges: the reward will be $50k max.
- Unauthorized access to iCloud account data: the reward will be $50k max.
- Access to data outside a sandboxed process: the reward will be $25k max.
To receive these bounties from Apple, a security researcher will have to provide the company with a proper proof of concept for any vulnerability they've found in iOS software or hardware.
So the question is: what will be the future of jailbreaking on iOS? Security will start to tighten from now on. What do you say about it? Comment below and let us know your thoughts.