At the annual Black Hat Security Conference in Las Vegas, Apple made an important announcement regarding the reward system for finding vulnerabilities in its products. If previously the company paid for the work of only invited specialists, now it is ready to cooperate with everyone. In addition, the amount of rewards has grown significantly.
Unlike other IT companies, Apple has previously offered rewards only to specially invited information security experts who, at the request of the Corporation, were looking for vulnerabilities in its devices and cloud storage systems. Now, anyone who discovers a gap in the "Apple" products, can count on a solid monetary incentive.
The size of the reward depends on the seriousness of the identified weaknesses in the security system. The company is ready to pay $ 1 million to anyone who will be able to get remote access to the core of the iPhone without any action from the owner of the device. According to Apple, this is the most critical vulnerability in modern gadgets.
Previously, the company's largest payment for finding errors was $200,000. In addition, from now on Apple will pay for the found gaps in macOS.
According to macOS security expert Patrick Wardle, the Corporation was wise to expand the rewards program. Before that, many experts accused the American company of refusing to pay for the vulnerabilities they discovered. This often encouraged hackers to sell information about weaknesses in Apple's firmware and services to attackers and authorities, or even use it for nefarious purposes. An example is an Israeli company NSO Group, which sells tools for hacking servers Apple, Google, Microsoft, and other companies.