Tag: reward

  • Apple to send out first wave of “jailbroken” iPhones to security researchers, security program participants

    Apple is reportedly preparing to send out “jailbroken” iPhone handsets to the first participants of its Security Research Device (SRD) program, which will allow security researchers to dig into iOS more deeply than they have before.

    The program offers specially configured iPhones that are less locked down than their consumer counterparts, allowing researchers easier access to find flaws and vulnerabilities. Apple announced the program in August 2019, and began accepting applications for it in July 2020.

    The devices are being loaned to researchers on a 12-month renewable basis. Apple notes that only approved researchers will be able to get their hands on them and that they’re only “intended for use in a controlled setting.”

    Upon receiving the iPhones, security researchers will be able to achieve shell access on the units, run any tools, and choose their entitlements. The goal of this is to more readily locate security vulnerabilities without having to jailbreak devices in the first place. Alongside access to an SRD, participants will also be granted access to a special collaborative forum with Apple engineers and extensive documentation on Apple platforms.

    Finally, Apple has announced that it would be paying more for vulnerabilities located in its software as part of its bug bounty program.

    Stay tuned for additional details as they become available.

    Via AppleInsider, MacRumors, and developer.apple.com

  • Apple boosts bug bounty program, offers greater rewards for locating critical security vulnerabilities ahead of time

    If you want the good stuff, you’ve got to pay for it.

    Apple has introduced an expanded bug bounty program that covers macOS, tvOS, iCloud, and iOS, announced at the Black Hat hacker conference in Las Vegas in a presentation hosted by head of security engineering Ivan Krstić. The company first introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple.

    The change also follows an incident in which the company’s lack of a bug bounty program earlier this year prompted a German teenager to refuse to hand over details of a major macOS Keychain security flaw given that Apple didn’t have a payout plan in place. While the teenager eventually handed over the details of the hack, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done. 

    The updated bug bounty program has Apple increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount. 

    Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount. 

    Apple has also begun providing vetted and trusted security researchers with “dev” iPhones: specialized iPhones that offer deeper access to the underlying software and operating system, which will make it easier for vulnerabilities to be discovered.

    Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple’s aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers. 

    Stay tuned for additional details as they become available.

    Via MacRumors

  • Exodus Intelligence announces bounties up to $500,000 for zero-day vulnerability flaw discoveries in iOS 9.3 and higher

    Forget the $200,000 bounty Apple is offering for information regarding zero-day vulnerabilities in iOS; a new security firm is offering up to $500,000 per discovery.

    On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher.

    These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iOS devices.

  • Apple Pay adds two of the five major Canadian banks, three more confirmed to come online in later months

    In Canadian news that doesn’t focus on a horrible, raging wildfire, Apple Pay has gone live for Interac debit and major credit cards issued by Royal Bank of Canada and Canadian Imperial Bank of Commerce. Until today, customers of these banks had to use a non-bank-issued American Express card; the change brings two of the five major banks under the Apple Pay flag.

    ATB Financial and Canadian Tire Financial Services also go live today. Apple Pay VP Jennifer Bailey confirmed that all of the Big Five will be included and offered the following statement:

    “We are thrilled that seven of Canada’s leading banks, including […] every one of the Big Five are bringing Apple Pay to their customers.”

  • Kohl’s adopts Apple Pay, links service to charge, reward cards

    You can now use Apple Pay at some Kohl’s locations.

    Which isn’t a bad thing.

    Kohl’s has stated that the department store chain now accepts Apple Pay and that Apple Pay users can now pay with a Kohl’s Charge card and earn Yes2You Rewards points at the same time. This makes it the first Apple Pay retailer to combine store card payments and rewards in a single-tap transaction.

    Roughly 250 Kohl’s locations currently support the option, and it should be available in all locations by the end of the month, according to company representatives. The system will work automatically so long as a person has both their Charge and Yes2You cards linked to Apple Pay.
