APPLE OPENS ITS REVAMPED BUG BOUNTY PROGRAM TO THE PUBLIC

-
The program will now include macOS, iCloud, and other products beyond iOS.


Apple has opened its bug bounty program to all security researchers, offering rewards of $1 million or more for discoveries of major flaws in its operating systems.

The program, which had been open by invitation only since its launch in 2016, now includes operating systems beyond iOS. Apple first announced at the Black Hat conference in August that it was opening the program to the public, and that iCloud, iPadOS, macOS, tvOS, and watchOS would be on the bug bounty list.

Researchers have to submit a detailed description of the issue, and enough detail to allow Apple to reproduce it. 
 

The top payouts will go to researchers who discover bugs that affect multiple Apple platforms, especially if the issue affects the latest Apple devices and software. Any bug discovered in a beta version will earn the researcher a 50 percent bonus in addition to the standard reward. Among the potential payouts: A researcher who can bypass a device’s lock screen can earn between $25,000 and $100,000; gaining unauthorized iCloud access could net between $25,000 and $100,000; and extracting sensitive data from a locked device could be worth between $100,000 and $250,000.

The most lucrative bugs for researchers, however, will be those that produce attacks that take over a device without any action on the part of the user; so-called zero click attacks. The requirements are strict to collect a bounty in these instances and require a full exploit chain to be submitted with the report. 

Even though it’s only been in place since 2016, Apple’s bug bounty program is one of the more lucrative among tech giants, and now joins competitors whose bug bounties already were open to the public.

And the timing of the bug bounty expansion may be partly in response to myriad problems with the very buggy iOS 13, which has included some security flaws. Bloomberg reported in November that in preparation for the release of iOS 14 in 2020, Apple has changed the way it tests software to be more in line with how Google, Microsoft, and other companies isolate and test changes in their software.

As part of the revised program, Apple said it will match donations of the bounty payments to qualifying charities, and publicly recognize researchers who submit valid reports.



Source: Kim Lyons (The Verge)
~Best FeedsTM

Comments

Post a Comment

Popular posts from this blog

New AI deepfake app creates nude images of women in seconds

-
Image
The resulting fakes could be used to shame, harass, and intimidate their targets. The DeepNude app creates AI fakes at the click of a button. A new AI-powered software tool makes it easy for anyone to generate realistic nude images of women simply by feeding the program a picture of the intended target wearing clothes. The app is called DeepNude and it’s the latest example of AI-generated deepfakes being used to create compromising images of unsuspecting women. The software was first spotted by  Motherboard’s  Samantha Cole, and is available to download free for Windows, with a premium version that offers better resolution output images available for $99. THE FAKE NUDES AREN’T PERFECT BUT COULD EASILY BE MISTAKEN FOR THE REAL THING Both the free and premium versions of the app add watermarks to the AI-generated nudes that clearly identify them as “fake.” But in the images created by  Motherboard , this watermark is easy to remove. (We were unable to test the app ourselves as
Read more

YouTuber Simone Giertz transformed a Tesla Model 3 into a pickup truck

-
Image
Giertz got tired of waiting for Elon Musk to release Tesla’s first pickup truck, so she made one herself. Simone Giertz was tired of waiting for Elon Musk to unveil his new Tesla pickup truck, so she decided to make one herself. The popular YouTuber and self-described “queen of shitty robots” transformed a Model 3 into an honest-to-god pickup truck, which she dubs “Truckla” — and naturally you can watch all the cutting and welding (and cursing) on her YouTube channel. There’s even a fake truck commercial to go along with it. Giertz spent over a year planning and designing before launching into the arduous task of turning her Model 3 into a pickup truck. And she recruited a ragtag team of mechanics and DIY car modifiers to tackle the project: Marcos Ramirez, a Bay Area maker, mechanic and artist; Boston-based Richard Benoit, whose YouTube channel Rich Rebuilds is largely dedicated to the modification of pre-owned Tesla models; and German designer and YouTuber Laura Kampf. THE F
Read more

Hertz launches $1,000-per-month car subscription service

-
Image
Maintenance, roadside assistance, and some insurance coverage included Photo by Justin Sullivan/Getty Images Hertz is now the latest in an increasingly long line of companies piloting car subscription services. The rental car giant announced Tuesday that it is launching a pilot version of a subscription service called “Hertz My Car” in Austin, Texas and Atlanta, Georgia. The Hertz My Car subscription service will be offered in two tiers, both of which include full vehicle maintenance, roadside assistance, damage to the vehicle (though with a $1,000 deductible), and limited liability protection. The $999 per month tier includes full-size sedans, small SUVs, and trucks. Luxury sedans, regular SUVs, and larger trucks will be available for $1,399 per month. Subscribers will be able to swap their vehicle twice a month within their own tier (Hertz will allow additional swaps for $75). IT COSTS $250 JUST TO ENROLL The per-month prices are before tax, and Hertz is charging a $250 en
Read more