Friday, 20 December 2019

Apple Officially Launches Public Bug Bounty Program Covering All Apple Software

Apple today officially opened its bug bounty program to all security researchers, after the company announced the expansion plan at the Black Hat conference in Las Vegas earlier this year.


Until now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS, or iCloud will be eligible to receive a cash payout for disclosing the vulnerability to Apple.

Apple has also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Apple says it will add a 50 percent bonus on top of the standard payout for bugs found in beta software, which allows the company to nix the issue before the OS version goes public. It is also offering the same bonus for so-called "regression bugs" – these are bugs that Apple has patched in the past but which have been accidentally reintroduced in a later version of the software.

Apple has published more information on its website detailing the bug bounty program's rules, as well as a full breakdown of the rewards being offered to researchers based on the exploits they uncover.

When submitting reports, researchers must include a detailed description of the issue, an explanation of the state of the system when the exploit works, and enough information for Apple to reliably reproduce the issue.

Next year, Apple plans to provide vetted and trusted security researchers and hackers with "dev" iPhones: special iPhones that provide deeper access to the underlying software and operating system, making it easier for vulnerabilities to be discovered.

These iPhones are being provided as part of Apple's forthcoming iOS Security Research Device Program, which aims to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.


This article, "Apple Officially Launches Public Bug Bounty Program Covering All Apple Software" first appeared on MacRumors.com




from MacRumors: Mac News and Rumors - All Stories https://ift.tt/36XWPjp

Netflix Autoplays the Murder of Kittens to Angry Subscribers

At a time when its seat as top U.S. streaming service has never been more precarious, the fact that Netflix would decide now to push out a docuseries about a creep who tortures and murders kittens among other horrifying acts is . . . a choice. But one I can at least wrap my head around. What I fail to understand,…




from Gizmodo https://ift.tt/2Mg7Zbb

Thursday, 19 December 2019

2019 Holiday Gift Guide: Health & Fitness



If you want some great gift ideas to help your loved ones stay healthy and keep fit, take a look at our Health & Fitness gift guide below.

You may also want to check out the iClarified Store and our Smart Home and Audio & Music guides as well.









from iClarified - Apple News and Tutorials https://ift.tt/2EDjp4w

Apple Stops Signing iOS 13.2.3, Downgrades and Restores No Longer Possible



Apple has stopped signing iOS 13.2.3, preventing users from being able to downgrade or restore to that firmware.

Currently, Apple's latest firmware is iOS 13.3. If you accidentally update or restore, you'll find yourself on that version. Developers have been seeded with iOS 13.3.1 beta.

Those interested in jailbreaking are typically advised to stay on the lowest firmware possible; however, the recently released checkra1n jailbreak makes it possible to jailbreak most devices between the iPhone 5s and iPhone X on any firmware version above iOS 12.3. Checkra1n has already been updated with support for iOS 13.3.








from iClarified - Apple News and Tutorials https://ift.tt/2Shhj2a

Apple Now Offers Up to $1.5 Million for Finding Critical Security Issues



Apple has announced that researchers can now earn a security bounty of up to $1.5 million for finding critical security issues with its hardware and software.

As part of Apple’s commitment to security, we reward researchers who share critical issues with us through the Apple Security Bounty. You can now earn up to $1,500,000 and report issues on iOS, iPadOS, macOS, tvOS, watchOS, and iCloud. In addition, Apple offers public recognition for those who submit valid reports and will match donations of the bounty payment to qualifying charities.

Eligibility
In order to be eligible for an Apple Security Bounty, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware. These eligibility rules are meant to protect customers until an update is available, ensure Apple can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:
● Be the first party to report the issue to Apple Product Security.
● Provide a clear report, which includes a working exploit (detailed below).
● Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue). See terms and conditions.








from iClarified - Apple News and Tutorials https://ift.tt/38VRkn4