Apple Bug Bounty: Earn big bucks for hacking iPhone & other products


Hack iPhone or any other Apple products and earn big bucks the right way.

Apple has officially announced its Bug Bounty program and is offering $1.5 million USD as a reward for hacking iPhone or identifying security flaws in any of the company’s operating systems. This program used to be an invite-only opportunity for white hat hackers, but this time around the company has made it open to the public.

If a hacker manages to find a zero-click kernel code execution vulnerability involving persistence and kernel PAC bypass, the company will pay $1 million USD, and will pay $500,000 USD more if Apple was unaware of the identified vulnerability or if it is related to a particular developer or public beta.

According to the information shared by Apple on its official Security Bounty page, the reported vulnerability must be identified on the standard configuration of the latest publicly available versions of its operating systems, including iOS, macOS, iPadOS, tvOS and/or watchOS, or on publicly available hardware. Another condition is that the hacker must share the identified flaw with Apple first, before the release of Apple’s official security advisory.


Generally, Apple’s iOS operating system is regarded as one of the most secure in the smartphone industry, especially in comparison to the Android OS. However, this doesn’t mean it isn’t vulnerable to being hacked. Time and again it has been proven that no OS in the industry is safe enough for users, not even Apple’s, since every OS or application can be exploited if there are inherent security flaws.

Zero-day vulnerabilities are always in demand and usually fetch millions if auctioned by 0day brokers, only because the vendors are unaware of them. Their potential for exploitation is great, and state-sponsored threat groups eagerly hunt for such vulnerabilities.

That’s why Apple has decided to expand the scope of its bug bounty program by making it open to the public. There are conditions that can cause a reduction in the bounty payment. Apple explains that:

“Reports lacking the necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all.” 

Apple will be paying the hacker anyway, but the amount will be significantly reduced, approx. half of the actual, promised amount. If you have identified a security flaw in the iPhone, don’t waste time and send the information to [email protected] in a message encrypted with the Apple Product Security PGP key.
