Apple's finally launched a bug bounty program – with rewards up to £152,000

The new bug bounty programme will offer security researchers some of the biggest rewards available for finding problems

Apple has finally recognised the need to open up its platforms to outside security researchers and let them hunt for software vulnerabilities before attackers do.

In giving this kind of access for the first time, the Silicon Valley giant is offering researchers bug bounties of up to $200,000 (£152,000). A bug bounty is an incentive programme that rewards people for discovering security holes and weaknesses and reporting them to the company so it can patch them preemptively.

Fellow tech giants such as Google and Microsoft have offered such rewards for some time now to bolster their security. Perhaps to make up for lost time, Apple's top payout appears to be the highest corporate bounty ever offered.

However, $200,000 is the top of the payment scale, and that amount will only be paid out for vulnerabilities found in Apple's secure boot firmware components — the first layer of protection a device relies on when it starts up, and the foundation everything else is built on.

Below the top reward, Apple says it will pay up to $100,000 (£76,000) for extraction of confidential material protected by the Secure Enclave Processor, up to $50,000 (£38,000) for execution of arbitrary code with kernel privileges, up to $50,000 for access to iCloud account data on Apple servers, and up to $25,000 (£19,000) for access to user data from a sandboxed process.


"We've had great help from researchers like you in improving iOS security all along," Ivan Krstic, Apple's head of security engineering and architecture, told the crowd at the Black Hat security conference in the US.

"Feedback that we've heard pretty consistently both from my team at Apple and also from researchers directly is that it's getting increasingly more difficult to find some of those most critical types of security vulnerabilities. So the Apple Security Bounty Program is going to reward researchers who actually share critical vulnerabilities with Apple."

Pressure from the security industry to launch a bug bounty programme has been mounting on Apple for some time, especially after a run of recent bug reports proved the iPhone maker isn't quite as hacker-proof as it was once thought to be.

Last month, security experts urged Apple users to update their devices to the firm's latest release, version 9.3.3, after researchers from Cisco's Talos security team warned that the update addressed a number of serious vulnerabilities which, if left unpatched, could expose users to attack.

Talos, which helped Apple fix the bugs before 9.3.3 was released, then published details of the patched issues, five of which were remote code execution vulnerabilities. The bugs affected ImageIO, Apple's programming interface for reading and writing image data.

This article was originally published by WIRED UK