Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Apple

Apple finally launches bug bounties

By Stephanie Mlot PCmag
Published | Updated
32b1c6ca-Apple logo

A logo of Apple is seen in this Sept. 23, 2014 illustration photo in Sarajevo. (REUTERS/Dado Ruvic)

Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.

The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.

For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.

The biggest surprise, though, was Krstic's bug bounty announcement.

According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.

Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.

Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.

Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."

"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.

Apple did not immediately respond to PCMag's request for comment.

This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.

In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.

This article originally appeared on PCMag.com.