Hack an iPhone and Apple will pay you up to $5 million
Apple announced an update to its Security Bounty program, increasing financial rewards for security researchers. The changes are intended to encourage advanced research into vulnerabilities targeted by sophisticated mercenary spyware that requires no user interaction.
The program’s top award has doubled from $1 million to $2 million for discovering exploit chains achieving goals similar to sophisticated mercenary spyware attacks that require no user interaction. The maximum possible payout can exceed $5 million for identifying more critical vulnerabilities, such as bugs in beta software or methods that bypass Lockdown Mode, an upgraded security architecture in the Safari browser.
Other reward categories also saw increases. The program now offers updated payouts for several types of vulnerability discoveries:
- One-click user interaction: Rewards for exploit chains requiring a single click from the user increased to a maximum of $1 million, up from $250,000.
- Physical proximity attacks: The reward for attacks that necessitate physical proximity to a device was also raised to a ceiling of $1 million, an increase from $250,000.
- Physical access attacks: For attacks requiring physical access to a locked device, the maximum reward has been doubled to $500,000.
- WebContent execution: Researchers who demonstrate chaining WebContent code execution with a sandbox escape are eligible to receive up to $300,000.
Since the program’s introduction and expansion, Apple has awarded over $35 million to more than 800 security researchers, according to Ivan Krstić (via Wired), the company’s VP for security engineering and architecture. While top-dollar payouts are very rare, Apple has made multiple $500,000 payouts.
Apple stated in its announcement that the only system-level iOS attacks observed in the wild have come from mercenary spyware, an attack type historically associated with state actors and typically used to target specific individuals. New security features, including Lockdown Mode and Memory Integrity Enforcement, are designed to make such attacks more difficult by combating memory corruption vulnerabilities. Apple is hoping that updating its bounty program with bigger payouts can “encourage highly advanced research on its most critical attack surfaces despite the increased difficulty.”
Featured image credit
FAQs
Frequently Asked Questions
What is a Premium Domain Name? A premium domain name is the digital equivalent of prime real estate. It’s a short, catchy, and highly desirable web address that can significantly boost your brand's impact. These exclusive domains are already owned but available for purchase, offering you a shortcut to a powerful online presence. Why Choose a Premium Domain? Instant Brand Boost: Premium domains are like instant credibility boosters. They command attention, inspire trust, and make your business look established from day one. Memorable and Magnetic: Short, sweet, and unforgettable - these domains stick in people's minds. This means more visitors, better recall, and ultimately, more business. Outshine the Competition: In a crowded digital world, a premium domain is your secret weapon. Stand out, get noticed, and leave a lasting impression. Smart Investment: Premium domains often appreciate in value, just like a well-chosen piece of property. Own a piece of the digital world that could pay dividends. What Sets Premium Domains Apart? Unlike ordinary domain names, premium domains are carefully crafted to be exceptional. They are shorter, more memorable, and often include valuable keywords. Plus, they often come with a built-in advantage: established online presence and search engine visibility. How Much Does a Premium Domain Cost? The price tag for a premium domain depends on its desirability. While they cost more than standard domains, the investment can be game-changing. Think of it as an upfront cost for a long-term return. BrandBucket offers transparent pricing, so you know exactly what you're getting. Premium Domains: Worth the Investment? Absolutely! A premium domain is more than just a website address; it's a strategic asset. By choosing the right premium domain, you're investing in your brand's future and setting yourself up for long-term success. What Are the Costs Associated with a Premium Domain? While the initial purchase price of a premium domain is typically higher than a standard domain, the annual renewal fees are usually the same. Additionally, you may incur transfer fees if you decide to sell or move the domain to a different registrar. Can I Negotiate the Price of a Premium Domain?
In some cases, it may be possible to negotiate the price of a premium domain. However, the success of negotiations depends on factors such as the domain's demand, the seller's willingness to negotiate, and the overall market conditions. At BrandBucket, we offer transparent, upfront pricing, but if you see a name that you like and wish to discuss price, please reach out to our sales team.
How Do I Transfer a Premium Domain?
Transferring a premium domain involves a few steps, including unlocking the domain, obtaining an authorization code from the current registrar, and initiating the transfer with the new registrar. Many domain name marketplaces, including BrandBucket, offer assistance with the transfer process.
