Also, max payout has been bumped to $1.5m which is a pretty big change. Most of this was announced a few months ago, they are just making good on a previous announcement at this point.
Critically, there's no information about whether reporters are allowed to disclose, which usually means that Apple is going to hide any seriously damaging vulnerabilities...
> Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue). See terms and conditions.
An exploit that allows full control of the device that installs with no user interaction, zero-click, and is persistent even after rebooting or power cycling the device.
I heard a rumor that Apple has never paid out any money in their invite-only bug bounty days. This 2018 article seems to suggest that is true. Does anyone have any data to the contrary?
18 comments
[ 2.8 ms ] story [ 50.0 ms ] threadAmazon: https://aws.amazon.com/security/vulnerability-reporting/
Netflix: https://help.netflix.com/en/node/6657
Google: https://www.google.com/about/appsecurity/programs-home/
Microsoft: https://www.microsoft.com/en-us/msrc/bounty
More: https://www.ubuntupit.com/best-bug-bounty-programs-on-intern...
Amazon and Netflix, no dollar amounts listed
Microsoft offers up to $250k for "Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V"
Ironically that google page dumped a bunch of html into my browser, including a "script nonce" and a function definition:
I'll be waiting for a cheque from them, I suppose.https://apple.news/A4h_BM9HqTjSpsWKsrVPGBw
Also, max payout has been bumped to $1.5m which is a pretty big change. Most of this was announced a few months ago, they are just making good on a previous announcement at this point.
> Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue). See terms and conditions.
No guarantees, then.
As someone who doesn’t speak this language, what does thismean? And are there examples in history of this type of exploit affecting a large company?
No user interaction required.
> kernel code l execution with persistence
Persistent malware with root privilege.
> kernel PAC bypass
I think PAC is some protection measures.
Pointer Authentication Code
It’s a form of pointer integrity checking that you can read about in the Platform Security Guide (this used to be called the iOS Security Whitepaper) released today: https://support.apple.com/en-sg/guide/security/seca5759bf02/...
Google’s Project Zero also wrote a post about this mechanism, including a detailed case study of where they were able to bypass it: https://googleprojectzero.blogspot.com/2019/02/examining-poi...
https://www.vice.com/en_us/article/7xqdxe/google-project-zer...