Home / / Apple will reward hackers $200,000 in bug bounty program

Apple will reward hackers $200,000 in bug bounty program

Apple will offer bounties for vulnerabilities found in some of its hardware and software

Apple will reward hackers $200,000 in bug bounty program
The iPhone giant has revealed that the bounty program has been set in place due to such bugs are becoming harder to find.

Apple has joined the likes of Google, Microsoft and Facebook in forming a bug bounty program where it will reward security researchers up to $200,000 to find critical vulnerabilities in its services.

During this year's Black Hat conference in Las Vegas, Apple revealed that it will limit the program to two dozen researchers who have previously assisted Apple in security projects but had not been compensated.  

Ivan Krstic, Apple's head of security engineering and architecture, said at the Black Hat security conference: "It's getting increasingly difficult to find some of those most critical types of security vulnerabilities. The Apple security-bounty program is going to reward researchers who actually share critical vulnerabilities with Apple."

He added: "We believe that these payment amounts are commensurate with the level of difficulty in attacking some of these systems."

Apple has announced five categories, each rewarding a different amount with the highest category rewarding $200,000 for finding vulnerabilities in Apple's "secure boot" firmware for preventing unauthorised programs from launching when an iOS device is powered up.

Apple has requested that the researchers do not disclose the bugs before Apple has time to fix them, and then once they are published researchers will be given credit and will have the opportunity to donate their bounty to charity to which Apple may match their donation.

The iPhone giant has revealed that the bounty program has been set in place due to such bugs are becoming harder to find and furthermore the program will deter security researchers from selling the bugs to other companies, governments or individuals who may want to exploit them.

Bug bounty programs are becoming increasingly popular, and only this year Facebook CEO Mark Zuckerberg rewarded a 10-year-old boy $10,000 for discovering a vulnerability in Instagram. Furthermore, Microsoft has rewarded up to $1.5m to security researchers since it launched his program three years ago.  

Follow us to get the most comprehensive IT solutions delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.

CHANNEL AWARD 2018