PhotoIncreasingly, technology producers and companies are using outside resources to test for security weaknesses in their products. Now it seems that the trend has extended to Apple, which plans to launch a bug bounty program in September.

Initially, white- and gray-hat hackers will only be able to participate if they’re invited by the company. However, individuals may be able to work their way into this elite group if they find a particularly interesting bug or flaw.

Successfully collecting a bounty could be quite lucrative for participants or the charities they choose to donate to. Apple has declared that it will match any donation made by participants on a 1:1 basis.

According to an Apple Insider report, the company is willing to pay out:

  • $200,000 for bugs connected to secure boot firmware components;
  • $100,000 for extraction of confidential material protected by Secure Enclave Processor;
  • $50,000 for execution of arbitrary code with kernel privileges;
  • $50,000 for unauthorized access to iCloud account data on Apple servers;
  • and $25,000 for access from a sandboxed process to user data outside of that sandbox.

The tech company hopes that incentivizing the discovery of potential threats will decrease the likelihood that a flaw is exploited on millions of consumer devices. Expansion of the types of bug categories that will be incentivized will be addressed at a later date. 

Share your Comments