Apple Security Bounty
As part of Apple’s commitment to security, we reward researchers who share with us critical issues and the techniques used to exploit them. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect customers. Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities.
Apple today officially opened its bug bounty program to all security researchers, after the company announced the expansion plan at the Black Hat conference in Las Vegas earlier this year. Prior to now, Apple's bug bounty program was invitation-based and non-iOS devices were not included. As reported by ZDNet, from today any security researcher who locates bugs in iOS, macOS, tvOS, watchOS, or iCloud will be eligible to receive a cash payout for disclosing the vulnerability to Apple. Apple has also increased the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.
Apple opens its bug bounty program to everyone
Apple has expanded its reward program for security researchers who report bugs, so that anyone can now sign up. Previously, an invitation was required. The program is also being expanded from iOS only to other operating systems.
On a web page, Apple has set out what a security researcher must meet to be eligible for a payment. For instance, the researcher must be the first to report a bug, and a clear report including a working exploit must be submitted. Anyone who finds something can email their report to Apple. The maximum reward, for an exploit that bypasses kernel security without requiring any input from the user, is 1 million dollars. Researchers also receive 50 percent extra if the bug was discovered in a beta version.
Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs
Apple today shared an updated version of its Platform Security Guide, providing a comprehensive overview of the latest security advancements across iOS 14, iPadOS 14, macOS Big Sur, tvOS 14, watchOS 7, and more.
For example, the guide provides security details about Safari's optional Password Monitoring feature on iOS 14 and macOS Big Sur, which automatically keeps an eye out for any saved passwords that may have been involved in a data breach. Apple also outlines the security of its new digital car keys feature on the iPhone and Apple Watch.
Apple updated its "commitment to security" preamble, touting the security advantages of Apple-designed chips across the iPhone, iPad, Apple Watch, and Mac:
Apple continues to push the boundaries of what's possible in security and privacy. This year Apple devices with Apple SoC's across the product lineup from Apple Watch to iPhone and iPad, and now Mac, utilize custom silicon to power not only efficient computation, but also security. Apple silicon forms the foundation for secure boot, Touch ID and Face ID, and Data Protection, as well as system integrity features never before featured on the Mac including Kernel Integrity Protection, Pointer Authentication Codes, and Fast Permission Restrictions. These integrity features help prevent common attack techniques that target memory, manipulate instructions, and use javascript on the web. They combine to help make sure that even if attacker code somehow executes, the damage it can do is dramatically reduced.