Apple iPhones have long been held as the epitome of privacy and security, and have been the hardest to break into. Now Apple is keen to further build on that by making iOS even more secure than ever, and the company believes a nice way to start is to announce a new bug bounty program with an increased payout of up to $1.5 million.
As announced by the head of security engineering and architecture at Apple, Ivan Krstic, anyone who manages to hack Apple devices and services and shares the vulnerability with the company is liable to a max reward of $1 million. The company has defined a well structured pay-out program for security researchers.
The minimum pay-out being projected is $100,000 and applies to those able to find a way to access classified user info by installing a third-party app. The same amount is also applicable to those who manage to gain unauthorized entry to any iCloud account or can get past the lock screen via physical access to the device.
A bigger amount of $250,000 is there for the taking for anyone able to pull off more daring attacks such as CPU side-channel attack using a third-party app and such. Thereafter, there are half a million dollars on offer for anyone who can manage to gain unauthorized zero-click access to confidential user info over a network without requiring user intervention.
The max pay-out provisioned in the new bug bounty program is a million-dollar and applies to anyone who can pull off a full-chain kernel code execution attack again without requiring user’s interaction during any stage of the attack. Plus, there is another 50 percent bonus on offer as well if the researcher is able to report any bug in any pre-release build of Apple software.
All of this makes for a huge improvement over the max $200,000 that any researcher could make for reporting hacks. The other significant improvement with the new bug bounty program is that it now includes all Apple software such as iOS, iPadOS, macOS, tvOS and so on. Each of these platforms becoming mutually interacting in nature is perhaps the reason Apple needs to be sure there aren’t any loopholes anywhere.
To top these off, Apple is also offering a select few security researchers a special iPhone that has several of the security layers pulled off. With this, Apple hopes researchers will be able to delve deeper into the OS rather than tinkering on the surface and find loopholes across a wider spectrum of the platform.
Krstić was speaking at the Black Hat security conference when he made the above revelations.