
"Driving the news: Apple said in a blog post Friday that it's increasing the payouts for several categories of security vulnerabilities, including zero-click vulnerabilities and attacks that work when in close proximity to an iOS or MacOS device. The move is designed to encourage researchers to find bugs in some of Apple's newer security features. Catch up quick: iPhone 17, which hit the market last month, includes new security improvements that harden the phones' memory against some of the most commonly targeted software vulnerabilities."
"Called Memory Integrity Enforcement, Apple security designers have built a new system into the device chips that assigns a "secret tag" to a chunk of memory tied to a specific program. If an adversary attempts to run a script targeting that slice of memory, the iPhone will first check if the program has the right tag. If it doesn't, the program will crash instead of opening."
"Apple is increasing the maximum payouts for the following categories of security flaws: Zero-click flaws that would give an attacker access to a device without any user interaction could get a payout of as much as $2 million, double the previous maximum. One-click flaw discoveries can now get up to $1 million. Vulnerabilities that would give adversaries access to a device whenever it's in close proximity could get as much as $1 million, quadruple the previous amount of $250,000."
Apple is raising maximum bug-bounty payouts across several vulnerability categories to incentivize research into its newer device security features. Zero-click exploits can earn up to $2 million, one-click flaws up to $1 million, and proximity-based exploits up to $1 million. Physical-access attacks that unlock locked devices can pay up to $500,000, and sandbox escape or memory-control bugs can pay up to $500,000. The payout increases align with recent protections such as Memory Integrity Enforcement, which tags regions of memory so that an access whose tag does not match crashes the program instead of succeeding, and Lockdown Mode for high-value targets.
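To make the tag-check idea concrete, here is a small software model of tag-checked memory, written as an added example for this page; it is not Apple's code and does not reproduce the real Memory Integrity Enforcement design, only the behaviour the article describes (each allocation gets a secret tag, and an access through a pointer carrying the wrong tag is refused). Granule size, the 4-bit tag space and the bump allocator are assumptions of the model. The two scenario functions show why this defeats the two most common memory-corruption primitives: a heap overflow into a neighbouring allocation and a use-after-free.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for illustration): memory is split into 16-byte
   granules, each carrying a 4-bit tag; live tags are 1..15, tag 0 marks
   free or retired memory. A "tagged pointer" carries the tag it was
   handed at allocation time; every access compares the two. */
#define GRANULE 16
#define HEAP_BYTES 256
#define NGRANULES (HEAP_BYTES / GRANULE)

static uint8_t heap[HEAP_BYTES];
static uint8_t granule_tag[NGRANULES];
static uint32_t bump;          /* simple bump allocator, never reuses space */
static uint8_t next_tag = 1;

typedef struct { uint32_t off; uint8_t tag; } tptr;  /* heap offset + tag */

void tagged_reset(void) {
    memset(heap, 0, sizeof heap);
    memset(granule_tag, 0, sizeof granule_tag);
    bump = 0;
    next_tag = 1;
}

/* Allocate n bytes (rounded up to whole granules) and colour them with a
   fresh tag. On exhaustion returns an offset past the heap so any access
   fails the range check. */
tptr tagged_alloc(size_t n) {
    size_t gran = (n + GRANULE - 1) / GRANULE;
    tptr p = { bump, next_tag };
    if (gran == 0 || bump + gran * GRANULE > HEAP_BYTES) { p.off = HEAP_BYTES; return p; }
    for (size_t i = 0; i < gran; i++) granule_tag[bump / GRANULE + i] = next_tag;
    bump += (uint32_t)(gran * GRANULE);
    next_tag = (uint8_t)(next_tag % 15 + 1);   /* cycle through 1..15 */
    return p;
}

/* Returns -1 on range or tag mismatch; real hardware would abort the
   process at this point, which is the "crash instead of opening" in the text. */
int tagged_read(tptr p, uint32_t i, uint8_t *out) {
    uint32_t a = p.off + i;
    if (a >= HEAP_BYTES || granule_tag[a / GRANULE] != p.tag) return -1;
    *out = heap[a];
    return 0;
}

int tagged_write(tptr p, uint32_t i, uint8_t v) {
    uint32_t a = p.off + i;
    if (a >= HEAP_BYTES || granule_tag[a / GRANULE] != p.tag) return -1;
    heap[a] = v;
    return 0;
}

/* Freeing retires the tag on the granules, so stale pointers stop matching. */
void tagged_free(tptr p, size_t n) {
    size_t gran = (n + GRANULE - 1) / GRANULE;
    for (size_t i = 0; i < gran; i++) granule_tag[p.off / GRANULE + i] = 0;
}

/* Scenario 1: writing one byte past a 16-byte buffer lands in the neighbouring
   allocation, which carries a different tag. Returns 1 if the check catches it. */
int overflow_is_caught(void) {
    tagged_reset();
    tptr a = tagged_alloc(16);
    tptr b = tagged_alloc(16);
    (void)b;                                   /* neighbour exists only to be hit */
    return tagged_write(a, 15, 0x41) == 0 && tagged_write(a, 16, 0x41) == -1;
}

/* Scenario 2: reading through a pointer after its memory was freed.
   Returns 1 if the read succeeded before free and is refused after it. */
int uaf_is_caught(void) {
    tagged_reset();
    tptr a = tagged_alloc(32);
    uint8_t v = 0;
    if (tagged_write(a, 0, 7) != 0) return 0;
    int before = tagged_read(a, 0, &v);
    tagged_free(a, 32);
    int after = tagged_read(a, 0, &v);
    return before == 0 && v == 7 && after == -1;
}

int main(void) {
    printf("overflow caught: %d\n", overflow_is_caught());
    printf("use-after-free caught: %d\n", uaf_is_caught());
    return 0;
}
```

The model makes the limitation visible too: with only 15 live tag values, a pointer can collide with an unrelated allocation by chance, which is why tag assignment in a real system must be unpredictable to the attacker and why the article calls the tag "secret".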
Read at Axios