WHAT’S BEING CLAIMED:
- In its effort to expand and improve its bug-bounty program, Apple announced that a $1M reward will be paid out to anyone who can successfully hack into its iOS operating system.
- To qualify, the hack, known as a zero-click full chain kernel execution attack, must give the researcher control of the iPhone without any user interaction.
- In addition, the company will extend the program beyond iOS, the software that powers iPhones, to platforms such as macOS, watchOS, and tvOS.
Apple introduced its bug-bounty program in 2016 and is now making major changes to it, including a million-dollar reward.
Apple says it will offer a $1 million reward to any security researcher who can accomplish a zero-click full chain kernel execution attack.
As Forbes and TechCrunch explained, this means that those who qualify for the payout must be able to gain access to the kernel, the core of Apple’s iOS operating system, and control an iPhone in a manner that requires no user interaction.
Apple’s new offer is far higher than the $200,000 it paid out to researchers when the program was initially launched, and Forbes said it is the largest bug-bounty reward offered by a major tech company. A 50% bonus can also be given to those who detect a vulnerability in a beta version of Apple’s software.
The company announced these changes to its bug-bounty platform, together with other important updates, during the Black Hat cybersecurity conference held in Las Vegas. Furthermore, the company said it is expanding the program to cover other platforms such as macOS, tvOS, and watchOS, the software that powers products such as the Mac, Apple TV and Apple Watch. In addition, the program’s invite-only requirement has been dropped, so anyone interested can participate.
Apple’s bug-bounty program expansion comes as the tech and financial industries are increasingly besieged by data breaches. Capital One was among the large firms to recently fall victim to a data breach, one that exposed the personal data of 100 million of its customers in the US and six million in Canada.
In recent years, security experts have noted vulnerabilities in Apple’s products. Wired reported that in June, researcher Patrick Wardle noticed a defect that makes it possible for attackers to bypass security prompts in the company’s macOS software.