
Apple Security Bounty Program: A Significant Update
Launched in 2020, the Apple Security Bounty program has become a cornerstone of the company’s commitment to cybersecurity. With more than $35 million allocated to over 800 researchers, the average payout per contributor stands at approximately $43,750. In a remarkable move, Apple is now enhancing the financial rewards within this program, making it even more appealing for security experts.

Key Enhancements to the Bounty Program
In a recent publication, Apple outlined significant updates to its bounty structure:
- Top Prize Increased: The highest reward has been raised to $2 million for identifying exploit chains that can parallel sophisticated mercenary spyware attacks.
- Bonus Incentives: By discovering vulnerabilities related to Lockdown Mode or beta software, researchers can earn bonuses that elevate their total earnings to as much as $5 million.
- Gatekeeper Bypass Reward: Identifying a complete bypass of Gatekeeper, a security feature crucial for maintaining macOS integrity, now merits a reward of $100,000.
- iCloud Access Exploits: A bounty of $1 million is offered for discovering instances of broad unauthorized access to iCloud accounts.
- WebKit Sandbox Escapes: The program has expanded to include one-click WebKit sandbox escape vulnerabilities, with rewards reaching up to $300,000.
- Wireless Proximity Exploits: Researchers can now claim $1 million for identifying vulnerabilities related to wireless proximity exploits across any radio.
Enhancements to Apple’s Security Architecture
Through the ongoing efforts of the bounty program, Apple has significantly fortified its security posture, implementing critical enhancements that include:
- Lockdown Mode: This dedicated feature minimizes attack vectors by restricting unsolicited attachments, disabling link previews, and imposing web-based restrictions.
- Safari Security Architecture: Improvements have been made to enhance the security of the Safari browser, contributing to a safer browsing experience.
- Memory Integrity Enforcement: New security features in Apple chips, such as the A19, have been introduced to mitigate risks associated with memory corruption vulnerabilities.
Apple emphasizes that these robust measures have resulted in system-level iOS attacks becoming predominantly the work of highly sophisticated mercenary spyware, which typically requires millions in development costs and targets a very small pool of individuals.