Header Ads

Apple will reward 1.5 million USD for finding the most severe security flaw in iOS

12/23/2019 10:51:00 AM , ,
OPPO
Infinix
Apple has just declared a 1.5 million USD (more or less PHP 76M) as the prize to discovering the most critical security issue.
Apple will reward 1.5 million USD for finding the most severe security flaw in iOS
The latest smartphone from Apple, iPhone 11 Pro

The Apple bug bounty program

A few months ago, Apple stated that special iPhones were issued to security researchers to assist in finding security weaknesses. This time, there is an exclusive bug search program that would accommodate all ethical hackers with an insanely huge reward of 1.5 million US dollars.

In general, iOS is considered as a "more protected operating system" as compared to Android. The reasons behind that were elaborated during the release of a new Apple Platinum Security Guide. However, it does not mean the iPhone is no longer exposed to security threats. 
iOS deemed as a safer choice than Android
iOS deemed as a safer choice than Android

Like for example, there were reports lately about an attacker who could lock iPhone users out of their devices if they don't update to iOS 13.3. Another issue is about the revelation during the iPhone 11 preorder that iOS 13 has an included security flaw. Also, the susceptibility of Apple iMessage could mean remote access to iOS device files.

Apple is not the only company that is having a bug bounty program as many big tech companies also have this kind of system. This is to support the responsible discovery of security vulnerabilities with financial rewards in return. 

Granted that the Apple bug bounty program is now open to all security researchers, the terms of eligibility for an actual payment is described to be complex. The complete details were clarified on the Apple Security Bounty pages. It starts with a simple statement: "The issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware."

Aside from that, there also a condition that if you should be the first person to report the issue if you want to get the reward. Next, you should give consent of not revealing it before a security advisory is publicized. 

Moreover, those accepted reports that are missing important information to reproduce the issue will make the payment a lot lesser.

A process on claiming iPhone Hacking Reward

If there's any chance that you are successful in hacking an iPhone, here is the process of claiming your bounty prize. First, you can email your report to product-security@apple.com

 It is noted that Apple requests that all reports are encrypted with the Apple Product Security PGP Key. Aside from that, included all significant videos, crash logs, and system diagnosis reports.

What are your thoughts on this mind-blowing reward from Apple?

Source: Forbes

Post a Comment

Powered by Blogger.
close
gizguide