If You Can Hack An iPhone, Apple Would possibly Pay You $2 Million

In comparison with most firms, Apple has historically been considerably stingy in terms of rewarding people who unearth iPhone exploits. Extra just lately, although, Apple has come to the conclusion that if it needs to find and patch critical iPhone exploits earlier than they get taken benefit of by malicious actors, it has to extend the rewards out there to safety researchers.

In gentle of the above, Apple just lately made vital modifications to its bug bounty program. On October 10, Apple announced that the highest award for an iPhone exploit is now $2 million, in comparison with $1 million beforehand. Naturally, to get the $2 million, customers should uncover an exploit that “can obtain comparable targets as subtle mercenary spy ware assaults.” Apple boasts that the $2 million determine is the biggest quantity provided by any bug bounty program at present in existence. Apple provides that the $2 million payout can soar to $5 million if accompanied by different exploits like bypassing Lockdown Mode.

Moreover, Apple says that it is boosting the payouts for different exploits. For instance, a way to bypass Gatekeeper is now price $100,000, whereas an exploit able to unauthorized iCloud entry now yields $1 million. On high of all of it, Apple is increasing the scope of its bug bounty program to incorporate extra classes, together with WebKit hacks and wi-fi proximity exploits.

Over the previous 5 years, Apple notes that its bug bounty program has yielded greater than $35 million in awards to over 800 hackers and researchers. Underscoring Apple’s dedication to make its bug bounty particularly interesting is that it’s now providing an avenue for researchers to obtain awards on an accelerated observe.

“We’re introducing Goal Flags, a brand new means for researchers to objectively show exploitability for a few of our high bounty classes, together with distant code execution and Transparency, Consent, and Management (TCC) bypasses,” Apple writes. “Researchers who submit studies with Goal Flags will qualify for accelerated awards, that are processed instantly after the analysis is obtained and verified, even earlier than a repair turns into out there.”

The entire above is nice, and highlights that Apple’s view of bug bounty applications has come a great distance. Observe that Apple did not implement its bug bounty program till 2020, a few years after bug bounty applications had been established at firms like Google. Earlier than Apple’s bug bounty program started, Apple’s relationship with safety researchers was removed from supreme. On the time, it wasn’t unusual to listen to safety researchers complain that efforts to relay found exploits to Apple had been typically unsuccessful.

All of that to say this: Apple’s bug bounty program has gone from nonexistent to arguably one of many extra complete and profitable applications within the tech sphere. Apple says its new bug bounty program is about to go dwell subsequent month.

One phrase that caught my eye in Apple’s announcement was that its $2 million prize is reserved for exploits much like “subtle mercenary spy ware assaults.” This focus highlights Apple’s ongoing efforts to bolster the iPhone in opposition to extraordinarily subtle spy ware campaigns. 

Lately, spy ware has grow to be extremely superior, a lot in order that it could possibly generally infect an iPhone with no person interplay in any way. Recall that the NSO Group, for instance, has repeatedly launched spy ware able to leveraging zero-day exploits to assault the iPhone. The NSO Group’s Pegasus software is able to monitoring all features of a goal’s system, together with textual content messages, emails, pictures, and extra. The primary incarnation of Pegasus was notably subtle as a result of it was in a position to set up itself if a person merely clicked on a hyperlink in an SMS message. More moderen NSO Group software program is able to infecting a tool with none person interplay in any respect, which is to say a person does not must click on a hyperlink or open a file to grow to be susceptible.

For years, Apple would normally patch safety vulnerabilities exploited by the NSO Group, solely to see the agency launch new software program able to skirting round its safety limitations. Apple finally grew so annoyed with the sport of cat-and-mouse that it sued the company in 2021 for its “surveillance and concentrating on of Apple customers.”

“State-sponsored actors just like the NSO Group spend thousands and thousands of {dollars} on subtle surveillance applied sciences with out efficient accountability,” Apple’s Craig Federighi mentioned on the time. “Apple gadgets are essentially the most safe shopper {hardware} in the marketplace — however personal firms creating state-sponsored spy ware have grow to be much more harmful.” Apple finally dropped the swimsuit in 2024, noting that the invention course of would reveal delicate safety data.

Whereas we’re on the subject of system safety and spy ware, it is price mentioning that Apple’s iPhone 17 lineup boasts a brand new safety function designed to raised fight spy ware. Apple calls the feature Reminiscence Integrity Enforcement (MIE) and claims that it is the “most vital improve to reminiscence security within the historical past of shopper working methods.”

Put merely, the function prevents malicious code injection as a result of solely trusted code can run in protected reminiscence. Apple writes that almost all spy ware features by exploiting “reminiscence security vulnerabilities” and that MIE is particularly designed to forestall that exact assault vector. Apple has been engaged on MIE since 2020, and it is at present included in each iPhone 17 mannequin together with the iPhone Air.

In an Apple analysis report on MIE, the corporate mentioned its new safety function is so strong that it could make creating assault vectors in opposition to the iPhone 17 prohibitively costly. Apple particularly boasts that MIE will “disrupt lots of the handiest exploitation strategies from the final 25 years, and utterly redefine the panorama of reminiscence security for Apple merchandise.” Along with Apple’s extra expansive bug bounty program, it is clear that Apple is taking concrete steps to make sure that the iPhone stays much less inclined to malware than another smartphone in the marketplace.