Apple has decided to increase researcher payouts in its bug bounty program and to offer $1.47 million for the discovery of exploits that bypass the company's built-in security mechanisms.
However, the program is now open to the general public. It also covers all of Apple's operating systems (iPadOS, macOS, tvOS, watchOS).
Apple has been known for the "secrecy" it maintained about the inner workings of its systems. Inviting top security researchers to breach and analyze its platforms is therefore a big step for the company.
The rewards for finding exploits vary with their severity and complexity. For example, bypassing the lock screen of an iPhone and stealing some basic personal data could earn the researcher $25,000. Broad unauthorized access to iCloud accounts, hosted on the company's servers, could earn $100,000.
Apple is willing to give up to $250,000 for network attacks that allow the execution of malicious code on devices (usually seen in attempts to install ransomware or other malware).
The highest payouts will go to researchers who manage to find and understand vulnerabilities and the techniques for exploiting them. Apple's main goal is to find "zero-click" vulnerabilities, which put a Mac, iPhone or any other device at risk without any action by the victim.
The company also said there will be some bonuses.
More and more companies are launching bug bounty programs as cyber threats continue to grow.
Some of the biggest technology companies, such as Microsoft and Google, run public bug bounty programs. This has, in a way, created a new profession. Bug bounty programs are a source of additional income for security researchers.
These programs and their large payouts serve another purpose beyond what most people think. Companies hope that the large rewards will encourage potential cybercriminals to submit their new exploits to the programs rather than publish them widely on the Internet.