Apple to launch macOS Bug Bounty program, will also give 'special' iPhones to researchers
An announcement from the company is expected later this week at the Black Hat security conference
By Humza Aamir
Something to look forward to: Apple is looking to ramp up its devices' security by providing special iPhones to security researchers for finding weaknesses in iOS. The invite-only bug bounty program, through which researchers will be rewarded for the iOS bugs they disclose to Apple, is expected to be announced at the Black Hat security conference. According to Forbes, the company is also planning a similar program for macOS.
Many organizations and tech companies such as Facebook, Google and Microsoft have bug bounty programs in place to reward security researchers for finding vulnerabilities and exploits in their products. Those who report the bugs are compensated with cash rewards and recognition in the industry.
It seems like Apple, which traditionally has been very tight-lipped about its offerings, will now open up its products to researchers by launching a bug bounty program for iOS and macOS. Forbes reports that the company is going to make an announcement at the Black Hat security conference in Las Vegas later this week. Through this program, Apple will further be able to bolster the security of its iPhones and Macs.
Invited researchers will receive special iPhones from Apple. Think of them as "dev devices," says one source with knowledge of the company's announcement. These devices will "allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren't easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities."
These special iPhones would still be locked in places, unlike the models used by Apple's internal security team and developers. For instance, Apple is unlikely to let researchers decrypt the firmware on its iPhones that are part of this program.
It's important here to mention the bug bounty program that Apple announced back at Black Hat 2016. During that conference, Ivan Krstić, Apple's head of Security Engineering and Architecture, showed a slide consisting of five categories and their respective payments. The same program came up earlier this year in discussion of the eligibility of a teen who discovered a bug in Apple's FaceTime feature.
"Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more: https://t.co/ftnHs3iBO5 https://t.co/SzkzTt354z"
- Ivan Krstić (@radian), June 26, 2019
It's likely that Apple's upcoming announcement of the iOS and macOS bug bounty will expand on the previous program. At the conference, Ivan Krstić will give a session on "Behind the Scenes of iOS and Mac Security."
Image Credit: karsen madsen (Pexels)