If you can pull off a very specific iPhone hack, Apple has a million dollars for you.
Apple announced big changes to the bug-bounty program it launched in 2016. The biggest is a new $1 million reward if you find a very specific exploit.
The $1 million will go to security researchers (or groups of researchers) who are able to carry out a “zero-click full chain kernel execution attack with persistence,” TechCrunch reports.
If you don’t know what that is, don’t worry. It’s an attack that would result in the hacker getting to the core of Apple’s operating system, iOS, and gaining control of the iPhone in question without any user interaction. If someone (or several someones) is able to pull the hack off and share how they did it with Apple, they’ll get $1 million.
The new challenge was presented by Apple during the Black Hat cybersecurity conference being held in Las Vegas this week. Black Hat is currently the world’s leading information security event. The week starts with four days of technical training, followed by a two-day main conference. The conference ended yesterday on August 8th.
Beyond the new top prize, Apple also announced that it’s extending the bug-bounty program to include not just iOS, but also macOS, tvOS, and watchOS.
In the past, hackers have reportedly refused to alert Apple to security bugs without receiving any kind of bounty. By offering a cash prize for those platforms as well as iPhone, the company is positioning itself to work better with the hackers and security researchers who typically search for and find exploits.
The bug bounty program, which was previously invite-only, is also now open to any researcher who would like to participate, which should increase the number of people looking for those issues. Additionally, Apple will be offering a 50% bonus to any researcher who finds an exploit in the beta or developer preview version of the operating system prior to its public release.
That $1 million is a pretty substantial prize. The bounty is the largest reward being offered by a major tech company and is a dramatic increase from the top reward of $200,000 previously offered by Apple for finding exploits in iOS.
Apple’s new bug-bounty programs are expected to become available later this year.