Apple Offers $1 Million Prize For Hackers Who Can Find Security Holes In Devices
Published
| Last updated
Apple has officially opened a program where it will pay anyone who discovers bugs and security holes in any of the company's devices.
The scheme - dubbed the 'Apple Security Bounty' - is an expansion of a project the tech giant started in 2016 to try and get to the bottom of flaws in the iPhone security.
This new version now also includes iPads, Apple laptops and desktops, Apple TV as well as the Apple Watch.
Apple is offering a range of monetary 'prizes' depending on what hackers are able to delve into with payments available from £25,000 (£19,200) to $1,000,000 (£768,900).
The Bounty payments are determined by the level of access or execution obtained by the reported issue, modified by the quality of the report.
This means that anyone successful in finding a bug will be required to submit a detailed description of the exploit, including any preconditions necessary to getting the device into the impacted state.
The top-tier prize of a cool mil will be available to anyone who can successfully engineer a 'zero-click remote chain with full kernel execution and persistence, including kernel PAC bypass, on latest shipping hardware.'
Unauthorised iCloud account access will make you eligible for between $25,000 and $100,000 depending on the amount of control over an iCloud account.
If you manage to gain physical access to a device through bypassing the lock screen you could bag yourself a prize of either $25,000, $50,000 or $100,000 - which will, again, depend on the amount of data you can access.
The amount will go up to $100,000 or $250,000 if you are able to extract data from the device.
You can find out more about what can be achieved here.
On the website, it states: "The top payouts in each category are reserved for high quality reports and are meant to reflect significant effort, and as such are applicable to issues that impact all or most Apple platforms, or that circumvent the full set of latest technology mitigations available.
"Payouts vary based on available hardware and software mitigations that must be bypassed for successful exploitation. There is a $5,000 minimum payout for all categories."
So, all that's left now is for us to find a zero-click-remote-chain-with-full-kernel-execution-and-persistence hacker then... anyone?
