Apple doubles its biggest bug bounty reward to $2 million
So, Apple is seriously upping its game when it comes to security. They're now offering a staggering $2 million to anyone who can find those nasty "exploit chains" that work like high-end spyware and don't even need user interaction. I mean, that's a serious chunk of change! It looks like they are really aiming to squash those vulnerabilities and are willing to pay the big bucks to do it.
However, it doesn't stop there. For those uber-critical vulnerabilities, like flaws in beta software or ways to bypass their Lockdown Mode, the rewards can actually exceed $5 million. Just imagine stumbling upon a bug worth that much – talk about hitting the jackpot!
And they are boosting all kinds of bounties. Even an exploit chain that needs a single click from the user could get you up to $1 million. Attacks that require being physically close to a device? Also potentially worth $1 million.
I think that Apple's doing this because they've seen that the only real system-level attacks on iOS are coming from mercenary spyware – stuff usually linked to governments trying to spy on specific people. With new features like Lockdown Mode and Memory Integrity Enforcement, they're trying to make those attacks way harder.
Since they started their bounty program, they've already paid out over $35 million to more than 800 researchers. Even though the biggest payouts are rare, they have handed out multiple $500,000 rewards. It’s an interesting move, and I'm curious to see if these bigger rewards will actually bring more vulnerabilities to light. It's a constant cat-and-mouse game, but hey, at least it keeps things interesting!
Source: Engadget