Forget the $200,000 bounty Apple is offering for information regarding zero-day vulnerabilities in iOS: a new security firm is offering up to $500,000 per discovery.
On Tuesday, Texas-based Exodus Intelligence said it will give between $5,000 and $500,000 for zero-day vulnerabilities relating to iOS version 9.3 and higher.
These zero-days are software flaws that have gone undetected by Apple, making them potentially very valuable, especially for cyber criminals who can use them to hack iOS devices.
Apple had previously offered as much as $200,000 for information regarding critical vulnerabilities in iOS. To ensure it receives quality results, Apple is initially inviting only a few dozen security researchers to participate. That doesn’t mean Apple will turn away other researchers. Non-invitees can also submit vulnerabilities to the company and receive a reward.
This marks the first time that Apple has announced a bug bounty program, although other firms such as Google and Microsoft have used these for years as a way to encourage hackers to turn over bugs rather than sell details of them to bad actors.
However, zero-day vulnerabilities are also valuable to private security companies. Exodus Intelligence makes its business by alerting clients to critical threats before the software providers and hackers even know of them.
These flaws can also be useful to law enforcement authorities. For example, the FBI reportedly paid hackers to use an unknown iOS flaw to access a terrorist’s locked iPhone.
Via Macworld