
"specifically by significantly increasing bug bounties for vulnerabilities such as the ones that would be leveraged in the exploit chains of mercenary spyware attacks. Specifically, the top reward for a zero-click exploit chain that achieves remote hacking has been increased from $1 million to $2 million. Apple pointed out that this is the base pay and researchers can in theory get as much as $5 million if they earn bonuses for Lockdown Mode bypasses and vulnerabilities discovered in beta software."
"The tech giant recently unveiled Memory Integrity Enforcement (MIE), an always-on memory-safety protection for iPhones designed to combat sophisticated attacks such as the ones conducted by mercenary spyware vendors. Apple believes these spyware attacks are the only ones that actually pose a significant threat to its customers and the company now wants to boost the security of its products even further against sophisticated attacks."
Since 2020, Apple has awarded more than $35 million to over 800 security researchers, with multiple hackers earning $500,000. The company unveiled Memory Integrity Enforcement (MIE), an always-on memory-safety protection for iPhones aimed at countering sophisticated mercenary spyware attacks. Apple is increasing external offensive security incentives by raising bug bounties for complex exploit chains and other vulnerabilities. The top reward for a zero-click remote exploit chain rises from $1 million to $2 million, with theoretical bonuses taking payouts up to $5 million. Payouts for sandbox escapes, physical-access attacks, wireless proximity attacks, and one-click remote hacks were substantially increased.
Read at SecurityWeek