Apple Bug Bounty Program disappoints participating security experts. They claim that the giant tech firm has payment delays and other issues.
Security experts are disappointed by the issues they have run into after joining the popular Apple Bug Bounty Program. The Cupertino-based tech firm’s ongoing cybersecurity program allows tech experts and researchers to find bugs and other internal issues in newly released Apple products and gadgets.
If they successfully discover alarming system flaws in the newly launched Apple devices, applications, or software, the giant American manufacturer would reward these participating security experts with thousands or millions of dollars.
However, some of the security researchers involved in the Apple Bug Bounty Program are complaining about certain issues that prevent them from acquiring the best experience they could have in the program. One of these is the former NSA expert Dave Aitel, who said that the ongoing cybersecurity enhancement program of the giant iPhone manufacturer affects its overall product safety.
The security expert explained that “having a good relationship with the security community gives you a strategic vision that goes beyond your product cycle. Hiring a bunch of smart people only gets you so far.”
Apple Bug Bounty Program Now Criticized!
Security experts claimed that the current Apple Bug Bounty reward system doesn’t have efficient internal communication management. They added that the giant manufacturer sometimes pays them late when they discover a new system bug. Apple is also accused of paying the incorrect reward amount to the hard-working cybersecurity experts.
This can be seen in the case of the security expert Cedric Owen, who complained that he didn’t receive the amount promised by Apple. He explained that he only received $5000 for the MacBook bug he discovered, which could allow hackers to take over the user’s desktop. Other cybersecurity researchers have experienced the same issue. In the long run, Apple's delayed and incorrect payments could drastically affect its program, since many researchers and experts could be discouraged from participating in it.
If that happens, Apple would need to hire professional security experts, or even work with hackers, just to discover the serious bugs in its smartphones, laptops, computer systems, and other products. This would also force the company to pay more, since identifying a security flaw is clearly expensive.
Apple Bug Bounty Program’s Details
At the moment, the Apple Bug Bounty project offers thousands and millions of dollars to individuals who can discover a gadget flaw. The categories include the following:
- Unauthorized access to iCloud account data on Apple Servers ($100,000)
Device attack via physical access
- Lock screen bypass, User data extraction ($100,000-$250)
Device attack via user-installed app
- Unauthorized access to sensitive data, Kernel code execution, CPU side-channel attack ($100,000-$250)
Network attack with user interaction
- One-click unauthorized access to sensitive data, One-click kernel code execution ($150,000-$250)
Network attack without user interaction
- Zero-click radio to the kernel with physical proximity, Zero-click unauthorized access to sensitive data, Zero-click kernel code execution with persistence, and kernel PAC bypass ($250,000-$1,000,000)