Apple is offering cybersecurity researchers up to US$ 1 million (around Rs 7 crores) to detect flaws in iPhones and Macs. Another $500,000 will be given to those who can find a "network attack requiring no user interaction". Notably, these "research fused" iPhones will also be more specialized than the "dev fused" iPhones that security researchers have had access to thus far, with setups designed expressly for tracking down security bugs, including ssh access, a root shell, and advanced debug capabilities.
Although Apple launched its bug bounty program back in 2016, it was not only late to the game in encouraging hackers to come forward with security vulnerabilities found in its products, but in true Apple style it only opened it up to a small list of elite researchers, by invitation only.
Previously, this was an automatic feature in every iPhone, but following outrage from users, Apple began giving them the option to turn it off in iOS 11.3. That is to reward an expert who has identified a problem before the bug is passed along to the public, and brings the top possible award handed out by Apple to $1.5 million. Plus, there is another 50 percent bonus on offer as well if the researcher is able to report any bug in any pre-release build of Apple software. The programme which already covers iOS offers developers monetary rewards for discovering bugs in Apple's code and reporting them to the company for fixing.
'It's not a bug; it's a feature Apple wants, ' writes the company in a blog post.
As detailed by The Art of fix on YouTube and further expanded on by iFixit, attempting to replace the battery in newer iPhone models will often trigger a "Service" alert in the phone's Battery Health menu. Other than that, the company will include Mac software along with other targets in addition to offering a variety of rewards, referred to as bounties, for the most remarkable findings. "Health information is not available for this battery". Moreover, the message is appearing even if you have a genuine Apple battery installed, but not by Apple or one of its Authorized Service Providers.
The lock is apparently only affecting Apple's newer phones, including the iPhone XR, XS, and XS Max which are running either the newest ios 12.4 or an iPhone 13 beta. This is good news to those who wanted to be part of this task and was locked out because the bounties were limited only to invites in the past. The program is open for researchers with a proven track record of making impactful security-oriented contributions, with the goal being to make it easier for experienced bug hunters to work on Apple's devices. It has been proven that people hold onto their phones for longer if they have access to cheap repairs. "Considering the importance of a bug like this to Apple's business and the size of their cash hoard, this sounds like they don't actually care that much".