Apple Doubles Its Biggest Bug Bounty Reward To $2 Million (engadget.com)
- Reference: 0179745422
- News link: https://apple.slashdot.org/story/25/10/10/1610213/apple-doubles-its-biggest-bug-bounty-reward-to-2-million
- Source link: https://www.engadget.com/big-tech/apple-doubles-its-biggest-bug-bounty-reward-to-2-million-102844667.html
> It has doubled its top award from $1 million to $2 million for the discovery of "exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks" and which requires no user interaction. But the maximum possible payout can exceed $5 million dollars for the discovery of more critical vulnerabilities, such as bugs in beta software and Lockdown Mode bypasses. Lockdown Mode is an upgraded security architecture in the Safari browser.
>
> In addition, the company is rewarding the discovery of exploit chains with one-click user interaction with up to $1 million instead of just $250,000. The reward for attacks requiring physical proximity to devices can now also go up to $1 million, up from $250,000, while the maximum reward for attacks requiring physical access to locked devices has been doubled to $500,000. Finally, researchers "who demonstrate chaining WebContent code execution with a sandbox escape can receive up to $300,000."
because money talks (Score:2)
Hackers have long since moved on from doing it for the glory, challenge, and fame, to doing it for the money.
It's good to see they're fighting fire with fire. If you can get a payout for being evil and breaking the law (and risking your freedom) or get an at least somewhat similar payout for helping secure things, it makes the white hat look a lot more attractive, if you're already considering the black hat.
Re: (Score:2)
Anything worth doing is worth doing for money.
Re: (Score:2)
> Anything worth doing is worth doing for money.
Which now includes being President of the U.S. ... /s (sigh)
Re: (Score:2)
For that salary and benefits? You bet your ass it is.
hmm (Score:3)
"exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks"
I hear someone who has control of Apple's software has attacked users in a way that prevents them from running the software of their choice.
How much? (Score:2)
How much do I get if I report that the Mail app is doing something weird that makes me have to force quit it to fix it until it happens again?
Exploit chain? (Score:2)
What is the idea behind giving a reward for an "exploit chain"? This seems counterproductive: if I find a significant exploit that doesn't pwn a Mac computer entirely, I am not incentivized to report it immediately, but rather to wait until I find another one to chain it with and win the jackpot.
Dang! (Score:2)
All the bugs I've been able to find and report to Apple have been stupid UI bugs that freeze your app or make your screens look invisible. I guess those are not important.
Marketing music video? (Score:2)
> Apple Doubles Its Biggest Bug Bounty Reward To $2 Million
Sir Mix-A-Lot: "I like Big Bugs and I cannot lie ..." :-)