There is a peculiarity that distinguishes Apple and that is neither its particular ecosystem, nor its distinctive design: it is its safety. The Cupertino brand has created, together with its operating system, a very safe environment. And much of this is due to the Apple Security Rewards Program.
This initiative is what has allowed Apple to have reinforcements in all sections, both software and hardware. The idea is simple: if we send an investigation into a vulnerability of security or privacythe report could be considered for a reward.
But there is more. If we have specific knowledge and we believe we can hack an Apple server, The company would pay us up to a million euros. And this increases every time Apple launches a new product (any, from helmets, to a tablet, computer or smartphone) or an update.
For example, when Apple prepared for the official launch of its AI service, the company focuses naturally on security. While much of the processing of Apple Intelligence requests will be carried out on your device, some must be managed by Apple servers. Collectively known as private cloud computing (PCC)these servers must be reinforced against any type of cyber attack or hacking to protect themselves from theft and data violation.
As usual, after announcing Apple Intelligence, the company invited safety and privacy researchers to inspect and verify the security and privacy from end to the end of the servers. Apple even gave certain researchers and auditors access to a virtual research environment (ERV) and other resources to help them prove PCC’s security. Now, the company opens the door to anyone who tries to hack their collection of servers.
To give users advantage, Apple has published A private cloud computer security guide. There it is explained how a PCC works, focusing especially on how applications are authenticated, How to inspect the software that is executed in Apple Data Centers and how PCC privacy and safety are designed to resist different types of cyber attacks.
The virtual research environment (ERV) is also open to anyone competing for errors reward. When executing in a Mac, this virtual environment (basically a connected computer, but in a very guarded environment) It allows to inspect the software versions, download the files of each version, start a version in a virtual environment and use the software see its possible vulnerabilities.
The program is designed for discover vulnerabilities in three main areas and each of them has its specific reward.
The accidental dissemination of datafor example, analyze vulnerabilities that expose data due to configuration failures or system design problems. The reward for this is 50,000 euros.
You can also try to detect a External commitment for user applications. These are vulnerabilities that allow attackers to exploit user requests to obtain unauthorized access. And finally, the Apple menu to reward those who find vulnerabilities in their ecosystem includes those vulnerabilities in which access to internal interfaces allows to compromise the system.
Each of these “dishes” has its price, according to the specific Apple on its website. This is the menu.
Accidental or unexpected data dissemination due to a problem of implementation or configuration: € 50,000
Ability to execute non -certified code: € 100,000
Access to the application data of a user or other confidential data of the user outside the trust limit: € 150,000
Access to application data for a user or confidential information about their requests outside the trust limit: € 250,000
Arbitrary code execution without user’s permission or knowledge with arbitrary rights: € 1,000,000
And, as if that were not enough, Apple also promises consider the possibility of granting financial compensation for any security problem Linked to the brand, even if it is not in a published category.
Here, the company will evaluate its report according to the quality of its presentation, the tests of what can be exploited and the impact on users. All information to present a report is on this Apple website.