
Apple announces major changes to its bug bounty program, including higher rewards


At the Black Hat security conference, Apple announced several major changes to its bug bounty program, which will now be open to any researcher.

The most striking change is the size of the rewards: the maximum payout rises from $200,000 to $1 million. This is the biggest payout offered by a bug bounty program operated by a tech company.

Apple will pay up to $1 million for a zero-click kernel code execution vulnerability, that is, one requiring no user interaction, that an attacker could exploit to take over a device.

On top of the maximum reward of $1 million, the tech giant announced it will also offer a supplementary bonus of 50% to those experts who report security issues in beta version software before its public release.

Another novelty is the extension of the bug bounty program to all of the company's platforms, including macOS, watchOS, tvOS, iPadOS, and iCloud.

Until now Apple’s bug bounty program only covered vulnerabilities in the iOS mobile operating system.

The tech giant also announced that, starting next year, it will provide pre-jailbroken iPhones to a selected number of trusted white-hat hackers under its iOS Security Research Device Program.

“What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be “dev devices.” Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren’t easily accessible on a commercial iPhone.” wrote Thomas Brewster on Forbes. “In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code.”

Apple’s decision to extend the bug bounty program and increase the rewards is significant. Until now, the most lucrative option for a bug hunter was to sell exploits to zero-day brokers such as Zerodium. These firms have historically offered larger rewards than vendors for working zero-day exploits against popular software like iOS and the Tor Browser.


Pierluigi Paganini

(SecurityAffairs – bug bounty, Apple)
