Opens up bug bounty scheme to all researchers, and increases top financial rewards to $1m for most serious vulnerabilities
Apple used the annual Black Hat security conference in Las Vegas on Thursday to make some changes to its bug bounty scheme.
Until recently, Apple’s highest bounty was $200,000 for friendly reports of bugs that could then be fixed with software updates.
And Apple also only offered bug bounties to invited researchers who tried to find flaws in its phones and cloud backups, Reuters reported.
But now at the conference Apple has made some changes, as it seeks to ensure that the iPhone is the most safeguarded and privacy-focused handset on the market.
First off, Apple has opened its bug bounty program to all security researchers, and it has dramatically increased the payout for the most serious of flaws.
Reuters reported that Apple’s bug bounty scheme now includes not just the iPhone, but also Mac software, and it is offering researchers a range of bug bounties for the most significant findings.
For example, the $1 million prize would apply only to those researchers who uncover a way to remotely access the iPhone kernel without any action from the phone’s user.
And Apple is also seeking to make things easier for security researchers, by offering them a modified phone that has some security measures disabled.
Perhaps the most famous attempt in recent years to hack an iPhone came in 2016 when Apple refused to assist the FBI in unlocking the iPhone 5C that belonged to San Bernardino terrorist, Syed Rizwan Farook.
The FBI had actually paid so-called ‘grey hat’ hackers to crack Farook’s iPhone, after Apple refused to co-operate, arguing that the FBI essentially wanted it to create a “backdoor” that could allow it to unlock any iPhone in the future.
In the end, then-FBI director James Comey hinted at the reward the agency paid these third-party hackers, thought to be at least $1.34 million.