Apple recently made headlines by announcing it would double the maximum reward in its "bug bounty" program, reaching $2 million – the highest amount the company has ever paid for a serious vulnerability on an iPhone.
This is not only a historic milestone for Apple but also sets a new record across the entire technology industry, reflecting the company's determination to protect users from increasingly sophisticated cybersecurity threats.
Beyond the record $2 million reward, Apple said the figure could increase to $5 million in some exceptional cases, if a researcher discovers a vulnerability that could disable Lockdown Mode, the most stringent protection on the iPhone, which is designed to protect against sophisticated attacks from state-sponsored spyware or organized hacking groups.
[Image: Apple has doubled the prize money this year.]
According to Apple, to reach the $2 million reward threshold, the discovered vulnerability must be as serious as the sophisticated surveillance tools used by "digital mercenary" groups – such as attacks targeting journalists, human rights activists, or high-ranking officials of organizations.
This move shows that Apple is significantly increasing its investment in cybersecurity, while also sending a strong message: the company is willing to spend heavily to keep users' devices safe from increasingly dangerous threats.
In addition to increasing rewards to millions of dollars, Apple has also expanded the scope of its "security bug bounty program," adding many new categories to more comprehensively cover potential vulnerabilities in its ecosystem.
According to the latest announcement, researchers can now be rewarded for discovering vulnerabilities in WebKit – the browser engine behind Safari – as well as in wireless connectivity protocols such as Wi-Fi, Bluetooth, and Ultra Wideband. In addition, critical operating system security mechanisms like Gatekeeper, which is responsible for blocking software from unknown sources, are also on the program's target list.
For example, discovering a vulnerability that allows bypassing Gatekeeper can be rewarded with $100,000, while unauthorized access to iCloud data – Apple's cloud storage platform – can yield rewards of up to $1 million.
In the five years since its launch, Apple's bug bounty program has paid out over $35 million to more than 800 cybersecurity experts worldwide. This figure not only demonstrates the scale of the program but also reflects Apple's seriousness in collaborating with the security research community to strengthen its ecosystem.
To improve efficiency and encourage high-quality reports, Apple recently introduced the Target Flags system – a new mechanism that allows researchers to receive rewards faster if they can demonstrate the ability to exploit vulnerabilities at the time the report is confirmed.
Target Flags are seen as a significant step forward in improving processing and payment speeds, while also promoting detailed, highly practical reporting – a key factor in helping Apple quickly patch vulnerabilities before they are exploited in practice.
With aggressive moves in finance, technology, and processes, Apple is reshaping the industry standard for collaboration with security researchers – a strategy that not only protects users but also strengthens the company's position in the global digital security race.
Source: https://baoquocte.vn/apple-treo-thuong-toi-2-trieu-usd-cho-ai-tim-ra-loi-he-thong-330906.html






