Apple will reward hackers $200,000 in bug bounty program

Apple will offer bounties for vulnerabilities found in some of its hardware and software

Tags: Apple IncorporatedCloud computingCyber crimeFacebook IncorporationInstagram (instagram.com/)Microsoft Corporation
  • E-Mail
Apple will reward hackers $200,000 in bug bounty program The iPhone giant has revealed that the bounty program has been set in place due to such bugs are becoming harder to find. (Getty Images)
By  Aasha Bodhani Published  August 7, 2016

Apple has joined the likes of Google, Microsoft and Facebook in forming a bug bounty program where it will reward security researchers up to $200,000 to find critical vulnerabilities in its services.

During this year's Black Hat conference in Las Vegas, Apple revealed that it will limit the program to two dozen researchers who have previously assisted Apple in security projects but had not been compensated.  

Ivan Krstic, Apple's head of security engineering and architecture, said at the Black Hat security conference: "It's getting increasingly difficult to find some of those most critical types of security vulnerabilities. The Apple security-bounty program is going to reward researchers who actually share critical vulnerabilities with Apple."

He added: "We believe that these payment amounts are commensurate with the level of difficulty in attacking some of these systems."

Apple has announced five categories, each rewarding a different amount with the highest category rewarding $200,000 for finding vulnerabilities in Apple's "secure boot" firmware for preventing unauthorised programs from launching when an iOS device is powered up.

Apple has requested that the researchers do not disclose the bugs before Apple has time to fix them, and then once they are published researchers will be given credit and will have the opportunity to donate their bounty to charity to which Apple may match their donation.

The iPhone giant has revealed that the bounty program has been set in place due to such bugs are becoming harder to find and furthermore the program will deter security researchers from selling the bugs to other companies, governments or individuals who may want to exploit them.

Bug bounty programs are becoming increasingly popular, and only this year Facebook CEO Mark Zuckerberg rewarded a 10-year-old boy $10,000 for discovering a vulnerability in Instagram. Furthermore, Microsoft has rewarded up to $1.5m to security researchers since it launched his program three years ago.  

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code