- Apple has officially launched a hacking bounty covering its full range of devices
- The program offers a range of cash prizes for people who find security flaws
- Covered devices will include Apple Watch, iPhone, iPad, Apple TV, and iCloud
Today, Apple officially opened a hacking program that will pay people who discover bugs and security holes in the company’s full range of devices.
Called Apple Security Bounty, the program is an expansion of an invitation-only project Apple started in 2016 to try to find flaws in Apple’s iPhone security.
The new expanded version of the program will for the first time include iPads, Apple laptops and desktops, Apple TV, and Apple Watch.
Apple announced the expansion in August at the Black Hat security conference in Las Vegas.
The company is offering a range of prizes to those who find bugs that affect multiple devices, and it will pay an additional 50 percent bonus for bugs discovered in any of its software that is in beta.
To qualify for a prize, hackers or security researchers will be required to submit a detailed description of the bug or exploit, including any preconditions necessary to get the device into the impacted state.
Apple will have to be able to replicate the issue itself and conclude that the steps as described cause the exploit or bug with reasonable reliability.
‘Proof of concept’ submissions will also be eligible for prizes, but only at half the value that a fully detailed and replicable firsthand report would win.
The top-tier prize of $1 million will go to those who can successfully engineer a ‘zero-click’ attack, which gives someone control over another person’s device without needing the original owner to click a malicious link or pop-up window.
These kinds of security exploits can occur between two devices using the same local network.
They can also potentially occur through wireless communication between devices in close proximity to one another.
Other prizes range from $25,000 to $500,000, and include lock screen bypass hacks, cracking into an iCloud account, and allowing unauthorized apps access to sensitive data that Apple’s OS would normally keep protected.
Apple Security Bounty is a prize program that will pay hackers and security researchers prizes for finding bugs and security flaws in iOS, iPadOS, macOS, iCloud, tvOS, and watchOS.
- $1,000,000 – Network Attack without User Interaction: Zero-Click Kernel Code Execution with Persistence and Kernel PAC Bypass
- $100,000 to $500,000 – Network Attack without User Interaction: Zero-Click Unauthorized Access to Sensitive Data
- $50,000 to $250,000 – Network Attack without User Interaction: Zero-Click Radio to Kernel with Physical Proximity
- $150,000 to $250,000 – Network Attack with User Interaction: One-Click Kernel Code Execution
- $75,000 to $150,000 – Network Attack with User Interaction: One-Click Unauthorized Access to Sensitive Data
- $250,000 – User-Installed App: CPU Side-Channel Attack
- $100,000 to $150,000 – User-Installed App: Kernel Code Execution
- $25,000 to $100,000 – User-Installed App: Unauthorized Access to Sensitive Data
- $100,000 to $250,000 – Physical Access to Device: User Data Extraction
- $25,000 to $100,000 – Physical Access to Device: Lock Screen Bypass
- $25,000 to $100,000 – Unauthorized iCloud Account Access