Apple will pay you if you find bugs in their products, from now on. Microsoft, Facebook and Google launched bug bounty programs years ago; they reward researchers and hackers who report vulnerabilities in their products. Apple was a holdout, but not anymore.
Apple recently announced at the Black Hat security conference that it will launch a bug bounty program this fall to pay outside security researchers and white hat hackers who privately disclose security flaws in the company's products.
Head of Apple's security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software. It is one of the highest rewards offered in corporate bug bounty programs.
Apple Bug Bounty Program — Invite Only, For Now
Apple is keeping the bug bounty program small by launching it as invitation-only. It is open only to a limited number of security researchers who have previously made valuable bug disclosures to Apple.
Launching in September, the program will offer bounties for a small range of iOS and iCloud flaws. Here's the full list of risk and reward:
Flaws in secure boot firmware components: Up to $200,000.
Flaws that could allow extraction of confidential data protected by the Secure Enclave: Up to $100,000.
Vulnerabilities that allow execution of malicious or arbitrary code with kernel privileges: Up to $50,000.
Flaws that grant unauthorized access to iCloud account data on Apple servers (remember celebrity photo leak?): Up to $50,000.
Access from a sandboxed process to user data outside of that sandbox: Up to $25,000.
To be eligible for a reward, researchers will need to provide a proof-of-concept (PoC) on the latest iOS and hardware. The reward will also depend on the clarity of the bug report, the novelty of the problem, the likelihood of user exposure, and the degree of user interaction necessary to exploit the flaw.
Decision Comes in the Wake of the FBI Scandal
Earlier this year, Apple fought a publicized battle with the FBI over a court order to access the locked iPhone of the San Bernardino shooter.
When the FBI demanded that Apple unlock the shooter's iPhone, Apple refused, and the bureau eventually hired professional hackers to break into the device -- supposedly paying out over $1 million. Perhaps the company is trying to close these lucrative backdoors into its software and make its iOS devices so secure that even Apple itself cannot crack them.