Article by Domain Support
With over a billion mobile devices using iOS, Apple takes security very seriously. At Black Hat USA 2016 on August 4, Ivan Krstić, Apple’s head of security engineering and architecture, announced an invitation-only bug bounty program that will pay for vulnerabilities found in certain aspects of iOS and iCloud. Payouts are based on severity and category; the top fees across five areas range from $25,000 to $200,000, but actual payouts could be much lower. This bounty program doesn’t include Mac OS. According to MacWorld, “Krstić listed five categories of bugs and the top fee paid for each, although Apple said later that exceptional critical vulnerabilities that aren’t listed will be considered.”

Microsoft, Google and Facebook have long offered bug bounty programs, so this announcement was an unexpected offering at Black Hat. As Ooyuz put it, “Apple hasn’t made an appearance at Black Hat hacker conference in its history but this year Cupertino is Thinking Different™ about security.” Actually, Apple was at Black Hat in 2012 but didn’t announce anything that wasn’t already public knowledge.

At the conference, Krstić discussed ‘three iOS security mechanisms in unprecedented technical detail, offering the first public discussion of one of them new to iOS 10,’ according to a Black Hat Briefing Announcement. Apple’s HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data – controlling devices (including locks) in the user’s home, the ability to unlock a user’s Mac from an Apple Watch, and the user’s passwords and credit card information. According to Wired, Krstić said to attendees, “Feedback that we’ve heard pretty consistently both from my team at Apple and also from researchers directly is that it’s getting increasingly more difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple.”

The video of Apple’s Black Hat 2016 presentation is available for viewing: