
Hacking companies are willing to pay a lot more than Apple for flaws in iOS

Published Aug 10th, 2016 5:05PM EDT


At the Black Hat Conference in Las Vegas last week, Apple introduced its first bug bounty program. Whereas Apple has historically relied upon security researchers and hackers to discover and report critical security exploits out of the goodness of their hearts, Apple finally wised up and realized that it might want to include some sort of financial incentive for those who have a knack for discovering important security flaws.


As laid out by Apple’s top security chief Ivan Krstic, Apple will pay out as much as $200,000 to individuals or teams who unearth serious software vulnerabilities. As we detailed last week, Apple’s newly christened bug bounty program looks like this.

Secure boot firmware components – Max payout of $200,000
Extraction of confidential material protected by the Secure Enclave Processor – Max payout of $100,000
Execution of arbitrary code with kernel privileges – Max payout of $50,000
Unauthorized access to iCloud account data on Apple servers – Max payout of $50,000
Access from a sandboxed process to user data outside of that sandbox – Max payout of $50,000

While it’s nice to see Apple follow the lead of other tech companies and offer monetary rewards for reported bugs, Apple may have a tough time keeping up with black hat companies who are more than willing to dole out a lot more cash for, more often than not, iOS-based security exploits.

As highlighted by 9to5Mac earlier today, a company called Exodus Intelligence is offering varying amounts of cash for a wide variety of hacks. With respect to iOS in particular, the company is offering up as much as $500,000 “for a zero-day vulnerability in iOS 9.3+.”

It’s fair to say that Apple will not get into a bidding war for security vulnerabilities, and to be fair, Apple’s payout of $200,000 is hardly a figure to scoff at. All the same, perhaps individuals who uncover a vulnerability might still be inclined to officially disclose it to Apple as that might yield them a little bit more of the spotlight.

Yoni Heisler Contributing Writer
