Apple opens its bug bounty program to all white hat hackers


As announced in August, Apple has now opened its invite-only bug bounty program to all security researchers.

The tech giant will pay white hat hackers who report security flaws in iOS, macOS, watchOS, tvOS, iPadOS, and iCloud.

In August, at the Black Hat cybersecurity conference, Apple announced a few major changes to its bug bounty program, including opening it to any researcher.

The most striking change concerns the payouts: the maximum reward rose from $200,000 to $1 million. This is the biggest payout for a bug bounty program operated by a tech company.

Apple will pay up to $1 million for a zero-click kernel code execution vulnerability (one that requires zero user clicks) that could be exploited by an attacker to take over a device.

On top of the maximum reward of $1 million, the tech giant announced it will also offer a supplementary bonus of 50% to those experts who report security issues in beta version software before its public release.


Until now, Apple's bug bounty program only rewarded researchers who reported vulnerabilities in the iOS mobile operating system.

Apple’s decision to extend the bug bounty program and increase the rewards is very important. Consider that until now the best way for a bug hunter to earn money was to sell exploits to zero-day broker firms like Zerodium. These companies historically offered greater rewards for working zero-day exploits for popular software like iOS and the Tor Browser.


Pierluigi Paganini

(SecurityAffairs – Apple, hacking)
