Microsoft and Apple Level up Star Hacker Bug Bounties
According to a new security report, Microsoft and Apple have both leveled up their bug bounty programs with new incentives for security researchers.
Microsoft has doubled the top bounty reward for vulnerabilities in its Azure cloud software to $40,000. It also introduced a hacker environment called the Azure Security Lab, which is a cloud infrastructure dedicated to letting cybersecurity researchers test out their skills in an IaaS environment.
Hackers don't get to color outside the lines. Instead, the Lab includes a series of scenario-based challenges that they can follow to try and exploit the system. They can earn up to $300,000 if they succeed, according to Microsoft's blog post announcing the Lab. For more on this, read the Infosecurity report.
Apple is also reportedly fleshing out its existing bounty program in two ways. Forbes reports that the company announced plans to give security researchers developer versions of its iPhone, featuring access to the underlying software and hardware that normal users don't get. These phones, which will be available only to existing participants in Apple's invitation-only bug bounty program, will let them inspect system memory, for example.
The iPhones will be given to the rock star hackers that participate in the Cupertino company's invitation-only bug bounty program, where participants disclose bugs in Apple products in return for monetary rewards. The payments can go as high as $200,000, as announced at the 2016 Black Hat conference.
Apple will also unveil a bug bounty program for its macOS operating system, according to the report. This could mean that researchers like Linus Henze, who discovered a bug in the Mac operating system's keychain password manager earlier this year, will finally get paid.
What makes these iPhones special? One source with knowledge of the Apple announcement said they would essentially be "dev devices." Think of them as iPhones that allow the user to do a lot more than they could on a traditionally locked-down iPhone. For instance, it should be possible to probe pieces of the Apple operating system that aren't easily accessible on a commercial iPhone. In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities. This would allow them to see what happens at the code level when they attempt an attack on iOS code. For more details on this, read the Forbes report.
About Making Comments on our Site: Patently Apple reserves the right to post, dismiss or edit any comments. Those using abusive language or negative behavior will result in being blacklisted on Disqus.