
You can now win up to Rs 10.7 crore if you find a security flaw in any Apple product!

The bounty varies depending on the flaw discovered. A 50 per cent bonus will also be given to those who find issues unknown to Apple and are unique to designated developer betas and public betas.

Published: 21st December 2019 07:00 PM  |   Last Updated: 21st December 2019 07:00 PM


By Online Desk

Apple has confirmed a reward of up to $1.5 million (Rs 10.7 crore) for anyone who spots a security flaw in any of its products or operating systems. Earlier in August, the company had an invite-only bug bounty program. However, this time, the challenge is open to all security researchers.

"As part of Apple’s commitment to security, we reward researchers who share with us critical issues and the techniques used to exploit them. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect customers," Apple said on its Apple Security Bounty page.

"Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities," it added.

The bounty varies depending on the flaw discovered, with the maximum payout offered for "zero-click kernel code execution with persistence and kernel PAC bypass."

A 50 per cent bonus payment will also be given to those who find issues that are unknown to Apple and are unique to designated developer betas and public betas, including regressions.

What are the eligibility criteria?

To be eligible for the Apple Security Bounty program, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware.

Have you managed to find a flaw? Here's what you need to do:

  • Be the first person to report the issue to Apple Product Security.

  • You should provide a clear report, which includes a working exploit.

  • Most importantly, you should not disclose the issue publicly before Apple releases the security advisory for the report.

Bounty Categories:

| Issue | Topic | Maximum payout |
|---|---|---|
| iCloud | Unauthorized access to iCloud account data on Apple Servers | $100,000 (Rs 71 lakh) |
| Device attack via physical access | 1) Lock screen bypass | $100,000 (Rs 71 lakh) |
| | 2) User data extraction | $250,000 (Rs 1.8 crore) |
| Device attack via the user-installed app | 1) Unauthorized access to sensitive data | $100,000 (Rs 71 lakh) |
| | 2) Kernel code execution | $150,000 (Rs 1.06 crore) |
| | 3) CPU side-channel attack | $250,000 (Rs 1.8 crore) |
| Network attack with user interaction | 1) One-click unauthorized access to sensitive data | $150,000 (Rs 1.06 crore) |
| | 2) One-click kernel code execution | $250,000 (Rs 1.8 crore) |
| Network attack without user interaction | 1) Zero-click radio to kernel with physical proximity | $250,000 (Rs 1.8 crore) |
| | 2) Zero-click unauthorized access to sensitive data | $500,000 (Rs 3.6 crore) |
| | 3) Zero-click kernel code execution with persistence and kernel PAC bypass | $1,000,000 (Rs 7.1 crore) |


