
"Since launching its bug bounty program nearly a decade ago, Apple has always touted notable maximum payouts – $200,000 in 2016 and $1 million in 2019. Now the company is upping the stakes again. At the Hexacon offensive security conference in Paris on Friday, Apple vice president of security engineering and architecture Ivan Krstić announced a new maximum payout of $2 million for a chain of software exploits that could be abused for spyware."
"Apple says that there are more than 2.35 billion of its devices active around the world. The company's bug bounty was originally an invite-only program for prominent researchers, but since opening to the public in 2020, Apple says that it has awarded more than $35 million to more than 800 security researchers. Top-dollar payouts are very rare, but Krstić says that the company has made multiple $500,000 payouts in recent years."
Apple increased its bug-bounty maximum payout to $2 million for a software exploit chain that could be abused to install spyware. Additional bonuses for exploits that bypass Lockdown Mode and for vulnerabilities discovered during beta testing raise the potential top award to $5 million. The changes take effect next month. By offering very large rewards, Apple intends to attract the most skilled researchers, those able to uncover the hardest attack chains of the kind used by mercenary spyware. More than 2.35 billion Apple devices are active worldwide, increasing the stakes for exploitable vulnerabilities. Since opening the program to the public in 2020, Apple has awarded over $35 million to more than 800 researchers and has made multiple $500,000 payouts in recent years.
Read at WIRED