A new US$500,000 iOS bug bounty beats Apple’s offer

Apple announced a bug bounty programme at the annual Def Con in Las Vegas, offering a maximum of US$200,000 for bugs in secure boot firmware components.

Apple is finally catching up to the practices of other Silicon Valley giants by offering a bounty system to encourage third-party security experts to find security loopholes in its systems.

Those who submit their bugs to Exodus could receive extra cash on top of the lump sum for every quarter that the zero-day is still alive, and can be paid by check, wire transfer, Western Union, or Bitcoin, according to the website.

It’s the first time Apple has announced a bug bounty program. Most companies have wised up and started incentivizing legitimate individuals, but “zero-day exploits” (exploits for flaws that a company has not yet fixed) can sell for much more on black markets than companies offer to help close them. Exodus Intelligence makes its business by alerting clients to critical threats before the software providers and hackers even know of them.

The company claims it can warn clients of the flaws up to two years in advance.

Other zero-day bounties on offer are US$150,000 for Google Chrome, US$80,000 for Firefox, US$75,000 for Windows 10 LPE, and US$60,000 for both Adobe Reader and Adobe Flash. Last year, Zerodium said it would pay out $1 million for an exclusive, browser-based way to compromise Apple’s iOS.

Exodus president Logan Brown said: “Exodus is excited to be engaging the global research community in our mission to provide the highest quality of vulnerability intelligence in the industry”.

Such a high reward for an iOS flaw is not new: the company Zerodium has offered an amount of $500,000, in this case for a remote jailbreak of iOS. For example, the Federal Bureau of Investigation reportedly paid hackers to use an unknown iOS flaw to access a terrorist’s locked iPhone.