Apple joins Microsoft on the bug bounty bandwagon
Judging by the past two quarters of 2016 alone, there is a general feeling of vulnerability and powerlessness no matter what we use, be it a Windows PC, an Apple MacBook, an Android phone, or any number of iOS devices. The latest statistics report that about half of all US businesses have been hit by ransomware in one shape or another, among other forms of cyber attack.
Microsoft has a long history of providing its users with incentives, including cash prizes, awarded to those who find vulnerabilities capable of affecting Windows. The Bug Bounty program, started by Microsoft in 2011, awarded $250,000 in its first year and continues today with Windows 10.
Apple has announced an invitation-only program similar to Microsoft’s Bug Bounty, in the wake of concerns over evidence of ransomware specifically designed for Macs, which has made it as far as the Mac App Store. While there is no word yet on any Mac systems affected by ransomware, Apple is clearly no longer in a position to ignore cyber threats like it used to.
Like Microsoft’s Bug Bounty program, Apple’s own initiative will reward applicants according to the level of each threat found, starting from $25,000 and going all the way up to $200,000.
According to statements made by Apple’s Head of Security Engineering and Architecture Ivan Krstic, during the Black Hat 2015 security conference on Thursday, the program will award prizes based on the following guidelines:
- Secure boot firmware components ($200,000 cap)
- Extraction of confidential material protected by the Secure Enclave Processor ($100,000 cap)
- Execution of arbitrary code with kernel privileges ($50,000 cap)
- Unauthorized access to iCloud account data on Apple servers ($50,000 cap)
- Access from a sandboxed process to user data outside of that sandbox ($25,000 cap)
While macOS Sierra is not yet part of this new program, it is expected to be included as of its official release this fall.