If you can pull off a very specific iPhone hack, Apple has a million dollars for you.
Apple announced big changes to the bug-bounty program it launched in 2016. The biggest is a new $1 million reward if you find a very specific exploit.
The $1 million will go to a security researcher (or group of researchers) who is able to carry out a “zero-click full chain kernel execution attack with persistence,” TechCrunch reports.
If you don’t know what that is, don’t worry. It’s an attack that would result in the hacker getting to the core of Apple’s operating system, iOS, and gaining control of the iPhone in question without any user interaction. If someone (or several someones) is able to pull the hack off and share how they did it with Apple, they’ll get $1 million.
The new challenge was presented by Apple during the Black Hat cybersecurity conference being held in Las Vegas this week. Black Hat is currently the world’s leading information security event. The week starts with four days of technical training, followed by a two-day main conference. The conference ended yesterday, on August 8th.
Beyond the new top prize, Apple also announced that it’s extending the bug-bounty program to include not just iOS, but also macOS, tvOS, and watchOS.
In the past, hackers have reportedly refused to alert Apple to security bugs without receiving any kind of bounty. By offering a cash prize for those platforms as well as iPhone, the company is setting itself up to potentially be able to work better with the hackers and security researchers that typically search for and find exploits.
The bug-bounty program, which was previously invite-only, is also now open to any researchers who would like to participate, which should increase the number of people looking for those issues. Additionally, Apple will be offering a 50% bonus to any researcher who is able to find an exploit in the beta or developer preview version of the operating system prior to its public release.
That $1 million is a pretty substantial prize. The bounty is the largest reward being offered by a major tech company and is a dramatic increase from the top reward of $200,000 previously offered by Apple for finding exploits in iOS.
Apple’s new bug-bounty programs are expected to become available later this year.