Apple Doubles Its Biggest Bug Bounty Reward To $2 Million


Apple is updating its Security Bounty program this November to offer some of the highest rewards in the industry. It has doubled its top award from $1 million to $2 million for the discovery of "exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks" and that require no user interaction. But the maximum possible payout can exceed $5 million for the discovery of more critical vulnerabilities, such as bugs in beta software and Lockdown Mode bypasses. Lockdown Mode is an upgraded security architecture in the Safari browser.

In addition, the company is rewarding the discovery of exploit chains with one-click user interaction with up to $1 million instead of just $250,000. The reward for attacks requiring physical proximity to devices can now also go up to $1 million, up from $250,000, while the maximum reward for attacks requiring physical access to locked devices has been doubled to $500,000. Finally, researchers "who demonstrate chaining WebContent code execution with a sandbox escape can receive up to $300,000." Apple told Wired that it has awarded over $35 million to more than 800 security researchers since it introduced and expanded the program over the past few years. Apparently, top-dollar payouts are very rare, but Apple has made multiple $500,000 payouts.

The company said in its announcement that the only system-level iOS attacks it has observed in the wild came from mercenary spyware, which is historically associated with state actors and typically used to target specific individuals. It said its new security features like Lockdown Mode and Memory Integrity Enforcement, which combats memory corruption vulnerabilities, can make mercenary attacks more difficult to pull off. However, bad actors will continue evolving their techniques, and Apple is hoping that updating its bounty program with bigger payouts can "encourage highly advanced research on [its] most critical attack surfaces despite the increased difficulty."
