Bug bounty programs are nothing new, with large companies offering them in order to try and ensure hackers bring bugs to them rather than create exploits from them, and Apple’s own program was launched last year.
At the time, the company outlined the amounts of money it would pay for bugs that were found and reported, but according to a new report by Motherboard those who do find bugs are simply not telling Apple about them at all.
The reason, apparently, is that Apple simply is not paying enough. When Apple announced its own bug bounty program, it outlined how much researchers could expect to be paid when they brought their bug-based discoveries to Apple’s attention as follows:
- Secure boot firmware: $200,000
- Extraction of confidential material protected by the Secure Enclave Processor: $100,000
- Execution of arbitrary code w/kernel privs: $50,000
- Unauthorized access to iCloud account data on Apple Servers: $50,000
- Access from a sandboxed process to user data outside of that sandbox: $25,000
However, it would seem that these sums of money do not cut it in a world where researchers can get paid $500,000 and sometimes even up to $1.5 million for their discoveries. It’s not only the money either, with researchers saying that even if they did go to Apple, it may hinder their ability to continue working with the bugs they found.
“People can get more cash if they sell their bugs to others,” said Nikias Bassen, a security researcher for the company Zimperium, and who joined Apple’s program last year. “If you’re just doing it for the money, you’re not going to give [bugs] to Apple directly.”
Zimperium buys exploits and sells them on to its own customers, with sums in the region of $1.5 million paid for a method “comprised of multiple bugs that can jailbreak the iPhone.” That’s money that is hard to turn down for most people.
The report notes that eight bug hunters were contacted, none of whom reported bugs to Apple nor knew of anyone who had. If Apple wants that to change, it may just have to put its hand a little further into its pocket in the future.
You may also like to check out:
- Red Hydrogen One Smartphone Price, Release Date And Features Announced
- PS5 Features, Expected Release Date Rumored Once Again
- How To Downgrade iOS 11 Beta To iOS 10.3.2 / 10.3.3 [Tutorial]
- Download: iOS 11 Beta 2 15A5304j Update 1 IPSW Links For iPhone, iPad, iPod touch Released
- Download iOS 11 Beta 2 & Install On iPhone 7, 7 Plus, 6s, 6, SE, 5s, iPad, iPod [Tutorial]
- Jailbreak iOS 10.3.2 / 10.3.1 / 10.3 / 10.2.1 For iPhone And iPad [Latest Status Update]
You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the Web.