Apple has opened its bug bounty program to the public, offering up to $1.5 million in payouts for serious vulnerabilities that can be exploited without user interaction.
The program had previously been invitation-based and limited to chosen, licensed security researchers, but it is now open to anyone able to find a flaw in macOS, iOS, TVs, watches, or iCloud.
Apple has also raised the annual bug bounty reward from $200,000 to $1.5 million, depending on the complexity and magnitude of the vulnerability chain, in line with the maximum payout rate card below:
| Category | Issue | Maximum payout |
|---|---|---|
| iCloud | Unauthorized access to iCloud account data on Apple Servers | $100,000 |
| Device attack via physical access | Lock screen bypass | $100,000 |
| Device attack via physical access | User data extraction | $250,000 |
| Device attack via user-installed app | Unauthorized access to sensitive data** | $100,000 |
| Device attack via user-installed app | Kernel code execution | $150,000 |
| Device attack via user-installed app | CPU side channel attack | $250,000 |
| Network attack with user interaction | One-click unauthorized access to sensitive data** | $150,000 |
| Network attack with user interaction | One-click kernel code execution | $250,000 |
| Network attack without user interaction | Zero-click radio to kernel with physical proximity | $250,000 |
| Network attack without user interaction | Zero-click unauthorized access to sensitive data** | $500,000 |
| Network attack without user interaction | Zero-click kernel code execution with persistence and kernel PAC bypass | $1,000,000 |
Apple officially published a new page on its website outlining the rules of the bug bounty program, which include program requirements, the payment breakdown, and how developers will report issues. Among the requirements, a reporter must:
- Be the first party to report the issue to Apple Product Security.
- Provide a clear report, which includes a working exploit (detailed below).
- Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue).
Issues unknown to Apple that are specific to approved developer betas and public betas, such as regressions, can earn a bonus payment of 50 percent. The qualifying issues are as follows:
- Security issues introduced in certain designated developer beta or public beta releases, as noted on this page when available. Not all developer or public betas are eligible for this additional bonus.
- Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in a developer beta or public beta release, as noted on this page when available.