Apple puts out a bounty on iOS security exploits

Andy Boxall


August 5, 2016




For the first time, Apple is reaching out to security researchers and organisations to help identify problems that may lie in iOS. The program was announced on stage by Ivan Krstić, Apple’s core security expert, at the Black Hat USA conference taking place in Las Vegas.

Apple’s adding a financial incentive for those interested in hunting down security issues inside iOS, ranging from $25,000 to $200,000, depending on what’s discovered. It’s not the first company to put a bounty out for security exploits, but unlike others, Apple is only working with a select few companies and teams at this stage.

Apple’s offering rewards for finding exploits in iOS


Here’s the breakdown of the issues Apple’s looking out for:

  • Up to $25,000: Access from a sandboxed process to user data outside of the sandbox
  • Up to $50,000: Unauthorised iCloud account access
  • Up to $50,000: Code execution with kernel privileges
  • Up to $100,000: Extraction of Secure Enclave protected material
  • Up to $200,000: Secure boot firmware components

Although it is working only with certain teams for now, Apple has stated that private groups who discover vulnerabilities in the above categories may be invited to join the program. Members of the program can accept any payouts themselves or donate them to charity. The program is initially limited to iOS, Apple’s mobile operating system, though the company may consider adding other platforms in the future.