Fancy making millions hacking Apple? iPhone maker now offers huge bug bounty worth up to $2m

3 hours ago 7

(Image credit: Photo by Rasid Necati Aslim/Anadolu via Getty Images)

Apple now offers $2 million for zero-click RCE flaws in its devices
Zero-click attacks require no user interaction and are often used in cyber-espionage
Revamped bug bounty program includes new categories, bonuses, and payouts up to $5 million

If you want to earn a cool $2 million, all you need to do is discover a zero-click remote code execution (RCE) vulnerability in an Apple device.

Yes, it is as difficult as it sounds, which is why Apple doubled the bounty for zero-click flaws, for which it previously offered up to $1 million in rewards.

Security researchers can also earn a million dollars for finding one-click remote attacks, wireless proximity attacks, broad unauthorized iCloud access flaws, and WebKit exploit chains leading to unsigned arbitrary code execution.

"Unprecedented" amount

The upgraded rewards come as part of Apple's new, completely revamped bug bounty program, with new categories, new reward structure, and higher payouts.

Zero-click vulnerabilities are, as the name suggests, those that can be exploited with zero clicks from the victim’s side. Usually, running malware on a device requires at least one click from the victim, such as running a program, or granting certain permissions.

Zero-click flaws are infinitely more dangerous, as they can be abused even if the victim is both conscious and security-savvy, and does absolutely nothing to put themselves in harm’s way.

An example of a zero-click attack would be sending a specially crafted MMS message to the victim which grants the attackers access even if the user doesn’t read it. These vulnerabilities are few and far between, and are usually secretly leveraged by state-sponsored actors engaged in cyber-espionage.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of - and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” Apple said.

Serious money can also be earned by discovering attacks on locked devices with physical access, app sandbox escape flaws, one-click WebKit sandbox escape flaws, and complete Gatekeeper bypasses - without user interaction.

Via BleepingComputer

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Apple opens up Private Cloud Compute to security researchers, offers bug bounties up to $1 million
Take a look at our guide to the best authenticator app
We've rounded up the best password managers

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article