Apple-feed
Apple-feed boosted
Olly 👾
@Olly42@nerdculture.de  ·  activity timestamp 4 days ago
⁉️The highest reward has been doubled to $2 million, for reporting vulnerabilities that can lead to zero-click [no user interaction] remote compromise, similar to mercenary spyware attacks. However, payouts can go as high as $5 million through the bonus system.⁉️ “This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of - and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” said Apple. Other payouts increased or introduced under the new program scheme include: • One-click (user interaction) remote attack - $1,000,000 • Wireless proximity attack - $1,000,000 • Broad unauthorized iCloud access - $1,000,000 • WebKit exploit chain leading to unsigned arbitrary code execution - $1,000,000 • Attack on locked device with physical access - $500,000 • App sandbox escape - $500,000 • One-click WebKit sandbox escape - $300,000 • macOS Gatekeeper complete bypass with no user interaction - $100,000 • $1,000 “encouragement award” for low-impact but valid reports 👾Additionally, Apple said that it has “never observed a real-world, zero-click attack executed purely through wireless proximity,” referring to the $1M ‘Wireless Proximity’ award, upped from $250,000 previously.👾
Olly 👾
@Olly42@nerdculture.de  ·  activity timestamp 4 days ago
⁉️The highest reward has been doubled to $2 million, for reporting vulnerabilities that can lead to zero-click [no user interaction] remote compromise, similar to mercenary spyware attacks. However, payouts can go as high as $5 million through the bonus system.⁉️ “This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of - and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” said Apple. Other payouts increased or introduced under the new program scheme include: • One-click (user interaction) remote attack - $1,000,000 • Wireless proximity attack - $1,000,000 • Broad unauthorized iCloud access - $1,000,000 • WebKit exploit chain leading to unsigned arbitrary code execution - $1,000,000 • Attack on locked device with physical access - $500,000 • App sandbox escape - $500,000 • One-click WebKit sandbox escape - $300,000 • macOS Gatekeeper complete bypass with no user interaction - $100,000 • $1,000 “encouragement award” for low-impact but valid reports 👾Additionally, Apple said that it has “never observed a real-world, zero-click attack executed purely through wireless proximity,” referring to the $1M ‘Wireless Proximity’ award, upped from $250,000 previously.👾
Home Login