Apple on Friday announced significant updates to its bug bounty program, and the company is now offering up to $2 million for sophisticated exploit chains.
Since the launch of its public bug bounty program in 2020, Apple has awarded a total of more than $35 million to over 800 security researchers. Several hackers earned $500,000 for their work, Apple said.
The tech giant recently unveiled Memory Integrity Enforcement (MIE), an always-on memory-safety protection for iPhones designed to combat sophisticated attacks such as those carried out by mercenary spyware vendors.
Apple believes these spyware attacks are the only ones that actually pose a significant threat to its customers, and the company now wants to boost the security of its products even further against sophisticated attacks.
It is doing this by harnessing offensive security expertise from outside the company, specifically by significantly increasing bug bounties for vulnerabilities such as those that can be leveraged in the exploit chains of mercenary spyware attacks.
Specifically, the top reward for a zero-click exploit chain that achieves remote device compromise has been increased from $1 million to $2 million. Apple pointed out that this is the base payout, and researchers can in theory receive as much as $5 million if they earn bonuses for Lockdown Mode bypasses and for vulnerabilities found in beta software.
Apple noted in a call with reporters on Thursday that earning a $5 million reward is neither easy nor likely, but it is theoretically possible.
Apple is also significantly increasing bug bounty payouts for an application sandbox escape (from $150,000 to $500,000), attacks requiring physical access to a locked device (from $250,000 to $500,000), wireless attacks requiring physical proximity (from $250,000 to $1 million), and remote hacking that requires one-click user interaction (from $250,000 to $1 million).
The company has also announced that one-click attacks via the web browser, which need to bypass its WebKit protections, will be rewarded with up to $300,000 if they can achieve code execution with a sandbox escape. The reward can increase to up to $1 million if the exploit chain is taken even further to achieve unsigned code execution with arbitrary entitlements.
The tech giant is also boosting rewards for categories where no exploit has been demonstrated to date, such as a Gatekeeper bypass on macOS ($100,000) and unauthorized iCloud access ($1 million).
The new payouts will go into effect in November 2025.
Apple on Friday also introduced a concept involving flags, similar to capture-the-flag (CTF) competitions. These so-called 'Target Flags' are meant to make it easier for researchers to objectively prove their findings and to know what reward they should expect for their report.
"When researchers demonstrate security issues using Target Flags, the specific flag that is captured objectively demonstrates a given level of capability — for example, register control, arbitrary read/write, or code execution — and directly correlates to the reward amount, making the award determination more transparent than ever," Apple explained.
"Because Target Flags can be programmatically verified by Apple as part of submitted findings, researchers who submit eligible reports with Target Flags will receive notification of their bounty award immediately upon our validation of the captured flag," it added.
Target Flags are supported on iOS, iPadOS, macOS, visionOS, watchOS, and tvOS.
Apple also announced that exceptional research will continue to receive bonuses, and it has decided that even low-impact vulnerabilities may be rewarded with $1,000 to encourage researchers to continue reporting their findings.