Apple hasn’t often made appearances at the Black Hat hacker conference, but this year Cupertino is Thinking Different™ about security. Head of Apple security, Ivan Krstic, today said the company would pay huge (up to $200K) bug bounties to invited researchers who find and report vulnerabilities in certain Apple software.
A quick breakdown of max. payments:
- Secure boot firmware: $200,000
- Extraction of confidential material protected by the Secure Enclave Processor: $100,000
- Execution of arbitrary code with kernel privileges: $50,000
- Unauthorized access to iCloud account data on Apple Servers: $50,000
- Access from a sandboxed process to user data outside of that sandbox: $25,000
Earlier this year, the FBI paid out under $1M to extract the data from the San Bernardino terrorist’s iPhone. Perhaps Apple is trying to eliminate these lucrative back doors into its crown jewel software.