Apple, the company willing to pay 2 million dollars if you find this bug


A mind-boggling figure that is already tempting for those who are competent in this sector: Apple has promised a reward of two million dollars to anyone who manages to find the bugs that enable attacks on its iPhone devices, revealing the violations that can occur on the phones, in particular the so-called “zero-click attacks”, which can be carried out remotely.

What is a “bug bounty”

The figure, already very high, could rise even further, up to five million dollars, with the introduction of additional bonuses for those who are good at discovering the various flaws in the system. Experts point out that these staggering figures highlight how Apple has evidently become more vulnerable in recent times. “The protections that keep our users safe also make researchers’ jobs incredibly difficult. With these new payouts we want to continue to incentivize them to do research on our platform,” said Ivan Krstić, Apple’s Head of Security Engineering and Architecture, in an interview with Italian Tech. The program is called a bug bounty, which is an offer through which individual users can receive recognition and compensation for reporting bugs, particularly those related to security vulnerabilities.

The figures

Since introducing this program, Apple has already paid out more than 35 million dollars to almost a thousand researchers, with rewards that have reached up to 500 thousand dollars per person. In detail, those who discover “one-click” attacks (i.e. attacks that require the interaction of a user) will be rewarded with one million dollars, while 500 thousand dollars goes to those who manage to demonstrate how it is possible to actually access a device that is protected by a PIN.

Memory Integrity Enforcement

The latest iPhones launched on the market (17 and 17 Pro) have a system called MIE (Memory Integrity Enforcement), which prevents spyware from entering the system and giving rise to various bugs. This new system was created to prevent the profiles of illustrious people, including politicians, from being hacked. “Mercenary spyware is historically associated with ‘state’ attacks and uses exploit chains costing millions of dollars to target a very small number of individuals and their devices,” explained the Apple developers.

“While the vast majority of users will never be targeted in this way, these exploit chains represent some of the most expensive, complex, and advanced offensive capabilities available at any given time and therefore deserve special attention.

“Known mercenary spyware chains used against iOS have a common denominator with those targeting Windows and Android: they exploit memory security vulnerabilities, which are interchangeable, powerful, and widespread across the industry.”

A working group has spent five years developing MIE, obtaining a very high-level result: now, even the most sophisticated spyware will not be able to enter the systems.