Apple is reportedly planning to provide security researchers with special iPhones that will make it easier for them to find security loopholes. According to sources quoted by Forbes, the scheme will be part of the company’s new invite-only bug bounty program that will be announced at the ongoing Black Hat security conference in Las Vegas. The move is expected to reduce the number of leaked or stolen developer iPhones that are often sold on the black market for tens of thousands of dollars.
The report further claims that the special, developer-oriented iPhones will allow security researchers to access many areas of the operating system that are off-limits on commercial iPhones. “In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities”, said the report. As is to be expected, however, these devices will still not be as open and accessible as the ones available to Apple’s in-house developers and security researchers.
Alongside the new iOS program, Apple is also said to be launching a bug bounty program for macOS for the first time. While other tech giants, like Microsoft and Google, have long offered bug bounty programs for Windows and Android, respectively, Apple had only been offering financial rewards for iOS, and not Mac.
That policy came under fire earlier this year when 18-year-old German cyber-security enthusiast Linus Henze discovered the so-called “KeySteal” zero-day macOS vulnerability, but refused to share the details with Apple because the company had no bug bounty program for macOS. The bug, according to Henze, could potentially be exploited by cyber-criminals to retrieve sensitive data stored in the Mac Keychain app.
from Beebom https://beebom.com/macos-bug-bounty-program/