Apple's new $1 million bug bounty program: What you need to knowApple's Head of Security Engineering and Architecture, Ivan Krstić, has just dropped some bombshell announcements at the Black Hat conference in Las Vegas and we're going to talk about them.
Apple's Bug Bounty Program, take 2
Krstić announced the first bug bounty program three years ago at Black Hat 2016. Back then and since then, it's only covered iOS and iCloud and topped out $250 thousand dollars for exploits of secure boot firmware components.
It was also invitation only. While Apple would entertain submissions from anyone, they purposely kept things small at first. That way, they could listen, learn, make mistakes, and figure things out before going wide.
You know, much to the frustration of many, measure 999 times before cutting once, as is their wont.
And there was plenty to learn from. At the beginning of the year, a teenager discovered a bug that could let people listen in using FaceTime and was unable to get a response from Apple's security reporting system...
Source:
Apple's new $1 million bug bounty program: What you need to know
