
"'We are lining up to pay many millions of dollars here, and there's a reason,' Krstić tells WIRED. 'We want to make sure that for the hardest categories, the hardest problems, the things that most closely mirror the kinds of attacks that we see with mercenary spyware - that the researchers who have those skills and abilities and put in that effort and time can get a tremendous reward.'"
"In addition to individual payouts, the company's bug bounty also includes a bonus structure, adding additional awards for exploits that can bypass its extra secure Lockdown Mode as well as those discovered while Apple software is still in its beta testing phase. Taken together, the maximum award for what would otherwise be a potentially catastrophic exploit chain will now be $5 million."
Apple increased its maximum payout to $2 million for a chain of software exploits that could be abused for spyware. The bug bounty program includes bonuses for exploits that bypass the extra-secure Lockdown Mode and for vulnerabilities found during beta testing, allowing combined awards to reach $5 million. The program began nearly a decade ago and opened to the public in 2020. More than 2.35 billion Apple devices are active worldwide. Since opening, the program has awarded over $35 million to more than 800 security researchers, with multiple $500,000 payouts in recent years.
Read at Ars Technica