Apple will finally pay hackers who discover critical software vulnerabilities

Published Aug 5th, 2016 6:00PM EDT
iPhone Security

For a long while, Apple was seemingly the only top Silicon Valley company that didn’t make use of ‘bug bounty’ programs. Whereas companies like Google, Microsoft and Facebook routinely doled out monetary awards to individuals or third parties who found critical software bugs, Apple curiously remained on the sidelines.

Now, in 2016, Apple has finally decided to join the party.

At the Black Hat Conference in Las Vegas yesterday, Apple’s security chief Ivan Krstic announced a new bug bounty program under which Apple will pay handsome sums to anyone who manages to find and report major vulnerabilities in its software.

For now, the bug bounty program will primarily be an invite-only affair as Apple is concerned it might be overwhelmed by an avalanche of reports that might overshadow more serious vulnerabilities. Going forward, though, Apple will slowly open up the program to more people.

The current matrix of Apple’s bug bounty program looks like this:

  • Secure boot firmware components – Max payout of $200,000
  • Extraction of confidential material protected by the Secure Enclave Processor – Max payout of $100,000
  • Execution of arbitrary code with kernel privileges – Max payout of $50,000
  • Unauthorized access to iCloud account data on Apple servers – Max payout of $50,000
  • Access from a sandboxed process to user data outside of that sandbox – Max payout of $50,000

You’ll note that each bounty category has a maximum payout as opposed to a guaranteed payout. Per TechCrunch, the final payout amount will be “based on several factors: the clarity of the vulnerability report; the novelty of the problem and the likelihood of user exposure; and the degree of user interaction necessary to exploit the vulnerability.”

Lastly, and in a very Apple-y move, recipients of an Apple bug bounty will have the option to hand over their winnings to charity, in which case Apple will match their donation 100%.

Yoni Heisler Contributing Writer
