Finding Software Weaknesses: Apple Pays $1 Million for Vulnerabilities
TIME ONLINE | News, backgrounds and debates
Las Vegas (AP) - Apple is raising the reward for finding vulnerabilities in its software to as much as one million dollars. This amount is intended for particularly serious vulnerabilities that would let an attacker reach the core of the operating system without any action by the user.
Until now, Apple's bug bounty paid a maximum of $200,000, while millions were sometimes offered on the market for iPhone vulnerabilities. Apple will now pay rewards not only for flaws in the iPhone operating system iOS, but also for flaws in the software of other Apple devices.
For vulnerabilities found in pre-release versions of new operating systems, Apple adds a further 50 percent on top, as the responsible manager Ivan Krstic announced on the night of Friday at the IT security conference Black Hat in Las Vegas.
In addition, starting next year, experts will be able to get special iPhones for their research, with freer access to the system than on consumer devices.
The finder's reward is graded according to the severity of the vulnerability. For example, there are rewards of up to $100,000 for getting past the lock screen or finding a way to obtain valuable user data through a specially crafted app. Unauthorized access to iCloud account information on Apple servers is treated similarly. Reports of vulnerabilities that let an attacker reach user information over the network can cost the company up to $500,000. Previously the rewards, at 25,000 to 200,000, were significantly lower across the board.
For Apple, data security is an important selling point, especially on the iPhone. The company goes to great lengths here, including a separate data vault in the processor. Apple also risked a legal dispute with the FBI in 2016: the company refused to write software that could crack a locked iPhone. At the same time, there are companies that claim to be able to exploit security vulnerabilities to get past the iPhone's protections. Such companies typically offer their services to security agencies. At the time, the FBI also reached its goal with the help of such a service provider.