Leave a comment

Apple's Bug Bounty Bested by Broker

Apple's Bug Bounty Bested by Broker
An exploit broker is publicly offering more than twice as much cash as Apple for vulnerabilities in iOS 9.3.

(CCM) — The future of Apple's bug bounty program has been plunged into doubt following the revelation that an exploit broker is offering more than twice as much as the company for information about vulnerabilities in iOS. Apple's bug bounty program, unveiled last week, provides rewards of up to $200,000 for vulnerabilities found in iOS, but Exodus Intelligence is offering up to $500,000 for previously unknown software flaws in iOS 9.3 or later versions. Exodus' "research sponsorship program" is open to anyone, and the company is willing to make payments by check, wire, Western Union, and Bitcoins, the latter of which allowing the recipient to remain anonymous. Contributors can choose to receive either a one-off fee for a vulnerability or periodic payments until the vulnerability is fixed.

Corporate bug bounty programs such as Apple's are increasingly encountering competition from exploit brokers who buy vulnerabilities and sell information about them to clients and security companies, organizations that buy vulnerabilities to sell to hacker groups, and governments and law enforcement agencies that buy them for their own purposes. The FBI reportedly paid over $1 million for a vulnerability that enabled it to access the locked iPhone belonging to San Bernardino gunman Syed Farook.

Image: © blackzheep - Shutterstock.com
Add comment