- As part of an expansion to its bug-bounty program, Apple says it will pay a $US1 million reward to those who execute a specific iPhone hack.
- The hack is known as a zero-click full chain kernel execution attack.
- The company also says it’s expanding the program beyond iOS, the software that powers iPhones, to include platforms such as macOS, watchOS, and tvOS.
Apple is making some major changes to the bug-bounty program it introduced in 2016, including the introduction of a new million-dollar reward.
The company says it will pay out $US1 million to security researchers who can carry out what is known as a zero-click full chain kernel execution attack with persistence. That means anyone who can get to the core of Apple’s iOS operating system and gain control of an iPhone in a way that wouldn’t require any user interaction would be eligible for the payout, as Forbes and TechCrunch explain.
That’s a substantial difference from the $US200,000 maximum it paid out to researchers when the program launched. It’s also the biggest bug-bounty reward offered by a major technology company, according to Forbes. Those who spot a vulnerability in a beta version of Apple’s software before it launches can also receive a 50% bonus.
Apple announced the changes to its bug-bounty program during the Black Hat cybersecurity conference in Las Vegas alongside other critical updates. In addition to the new $US1 million reward, Apple also revealed that it’s expanding the program to its other platforms such as macOS, tvOS, and watchOS, the software that powers its Mac, Apple TV, and Apple Watch products. The company is also nixing the program’s invite-only requirement and is opening it to all researchers who wish to participate.
The expansion of Apple’s bug-bounty programs comes as data breaches are becoming increasingly common throughout the tech and financial industries. Among the latest large firms to be the victim of a data breach was Capital One. The incident put the personal data of 100 million customers in the United States and 6 million in Canada at risk.
Security experts have also noticed vulnerabilities in Apple’s products in recent years. In June, the researcher Patrick Wardle spotted a flaw that would make it possible for intruders to bypass security prompts in the company’s macOS software, as Wired reported.