Home > Cyber News > $1 Million for Persistent Kernel-Level Bugs in Apple Products

$1 Million for Persistent Kernel-Level Bugs in Apple Products

Apple users are not entirely immune against cyber threats and vulnerabilities. Thus, it is not that surprising that Apple has decided to expand its bug bounty program to more researchers by increasing the maximum payout to $1 million.

The announcement was made a few days ago by Ivan Krstić, head of Apple’s security engineering and architecture, during the Black Hat security conference in Las Vegas. The program is scheduled to launch next year, and it will give selected researchers special iOS devices to look for vulnerabilities.

Maximum payment in Apple’s Bug Bounty is now $1 million

The maximum payment of the bug bounty is set at $1 million, and it is meant for persistent kernel-level security flaws that require no user interaction. Overall, Apple has increased the payouts for other vulnerabilities and problems.

The most interesting thing about the updated bug bounty program is that Apple plans to grant access to pre-release software. Bounty hunters will also be allowed inside access to iOS, including devices that come with SSH. macOS, iCloud, tvOS, and iPadOS, and watchOS are also included in the program, as opposed to its current version which only includes iOS and iCloud.

According to a Krstić presentation during the conference, the program will be open to “everyone with a record of high-quality systems security research on any platform”.

The highest previous payment in the Apple’s bug bounty program was $200,000, a payment for the discovery of a flaw in secure boot firmware components. Researchers also had to be invited to participate, which limited the program by default. The change in the program triggered positive feedback by the community, including Patrick Wardle, one of the well-known Apple security experts.

Related: [wplinkpreview url=”https://sensorstechforum.com/apple-devices-awdl-protocol-attacks/”] Nearly All Apple Devices Vulnerable to Attacks on AWDL Protocol

Apple’s bullet-proof security is a myth

A recent report released by TU Darmstadt and Northeastern University researchers reveals that vulnerabilities in AWDL (Apple Wireless Direct Link) could enable attackers to track users, crash devices, or intercept files transferred between devices in man-in-the-middle (MitM) attacks.

From a user perspective, AWDL allows a device to remain connected to an infrastructure-based Wi-Fi network and communicate with AWDL peers simultaneously by quickly hopping between the channels of the two networks (AWDL uses fixed social channels 6, 44, and 149), StackOverflow users wrote.

According to the report, “with deployments on over one billion devices, spanning several Apple operating systems (iOS, macOS, tvOS, and watchOS) and an increasing variety of devices (Mac, iPhone, iPad, Apple Watch, Apple TV, and HomePod), Apple Wireless Direct Link (AWDL) is ubiquitous and plays a key role in enabling device-to-device communications in the Apple ecosystem.”

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree