Apple, the American IT multinational, offers a bug bounty to reward researchers for reporting crucial technical issues and the modus operandi to exploit them, besides resolving the vulnerability, to strengthen cyber security.
There is good news for every ethical hacker!
And bad news for his unethical counterpart.
Apple, the global brand of consumer electronics, computer software, and online services, as a part of its Corporate Social Responsibility, offers a compensatory package to researchers worldwide in order to ensure ultimate cyber security and a safe internet experience for its clients and users in general.
It offers cyber security researchers and ethical hacking enthusiasts around the world a lucrative financial reward for reporting bugs, security vulnerabilities and other internet safety issues. The issues are then resolved, followed by acknowledgement of the qualifying researcher and charity donations matching the magnitude of the bounty.
A generic criterion for eligibility in the Apple Security Bounty is that the vulnerability must appear in the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where applicable, on the latest publicly available hardware.
The strict selection rules ensure customer protection until an update is developed. They are all directed at Apple's ability to promptly verify the report, design the necessary updates and appropriately acknowledge the reporter of the original research.
The researcher also has to abide by the following:
For issues unknown to Apple and exclusive to designated developer betas and public betas, including regressions, a 50% bonus is payable.
The issues that are eligible are as follows:
The idea behind the Apple Security Bounty is ultimate consumer safety through understanding both vulnerabilities and their exploitation techniques. Reports that consist of a basic proof of the bug and not any working exploit will get only 50% of the bounty offer. Reports that lack the data Apple needs to work effectively on the issue will be rewarded a correspondingly lesser amount, if accepted at all.
A complete report is characterized by
Maximizing the bonus
In order to optimize the bug bounty, the researcher must report issues that:
Additional Requirements
In addition to a complete and comprehensible report, issues that need the execution of multiple exploits, as well as one-click and zero-click issues, require a full chain for optimum bonus. The chain and report must include:
Sending Your Report
Send your report by email to [email protected]
A cross section of issues and the magnitude of bounties they attract are as follows:
We are living in a world ruled by the internet. A trend that started at the turn of the new millennium has become a way of life today. But as all silver clouds have a dark lining, the fast and easy cyber world too is dominated by hackers who are out in the wild to wreak havoc. ISOEH has been the original name in combating cyber threats with its ethical hacking curriculum.
If you wish to participate in the Apple bug bounty program and earn 1 million dollars, you need to know iOS penetration testing.
Do you think ethical hacking and cyber security are coming up in a big way as a lucrative career for the young and for enthusiasts? Tell us.