
Apple Security Bounty - devhwrng
https://developer.apple.com/security-bounty/
======
killjoywashere
Facebook:
[https://www.facebook.com/whitehat](https://www.facebook.com/whitehat)

Amazon: [https://aws.amazon.com/security/vulnerability-reporting/](https://aws.amazon.com/security/vulnerability-reporting/)

Netflix:
[https://help.netflix.com/en/node/6657](https://help.netflix.com/en/node/6657)

Google: [https://www.google.com/about/appsecurity/programs-home/](https://www.google.com/about/appsecurity/programs-home/)

Microsoft: [https://www.microsoft.com/en-us/msrc/bounty](https://www.microsoft.com/en-us/msrc/bounty)

More: [https://www.ubuntupit.com/best-bug-bounty-programs-on-intern...](https://www.ubuntupit.com/best-bug-bounty-programs-on-internet/)

~~~
ghostpepper
Facebook - No dollar amounts listed but "If we pay a bounty it will be a
minimum $500"

Amazon and Netflix, no dollar amounts listed

Microsoft offers up to $250k for "Critical remote code execution, information
disclosure and denial of services vulnerabilities in Hyper-V"

Ironically, that Google page dumped a bunch of HTML into my browser, including
a "script nonce" and a function definition:

    
    
    (function(H){H.className=H.className.replace(/\bgoogle\b/,'google-js')})(document.documentElement)

I'll be waiting for a cheque from them, I suppose.

------
jc_811
I see the biggest bounty is for $1,000,000 USD and says: "Zero-click kernel
code execution with persistence and kernel PAC bypass"

As someone who doesn't speak this language, what does this mean? And are there
examples in history of this type of exploit affecting a large company?

~~~
nicwilson
> Zero-click

No user interaction required.

> kernel code execution with persistence

Persistent malware with root privilege.

> kernel PAC bypass

I think PAC is some protection measure.

~~~
djcapelis
_I think PAC is some protection measure._

Pointer Authentication Code

It’s a form of pointer integrity checking that you can read about in the
Platform Security Guide (this used to be called the iOS Security Whitepaper)
released today: [https://support.apple.com/en-sg/guide/security/seca5759bf02/...](https://support.apple.com/en-sg/guide/security/seca5759bf02/web)

Google’s Project Zero also wrote a post about this mechanism, including a
detailed case study of where they were able to bypass it:
[https://googleprojectzero.blogspot.com/2019/02/examining-poi...](https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html?m=1)

------
dsalzman
Real $ amounts! This is how you beat the black market.

------
_bxg1
Is this new? Is that why it's being posted?

~~~
ogre_codes
Prior to now this program was invite-only. They are blowing it open to all
security researchers as of today.

[https://apple.news/A4h_BM9HqTjSpsWKsrVPGBw](https://apple.news/A4h_BM9HqTjSpsWKsrVPGBw)

Also, max payout has been bumped to $1.5m which is a pretty big change. Most
of this was announced a few months ago; they are just making good on a
previous announcement at this point.

~~~
_bxg1
Thanks for the context. As a user of Apple devices, I'm excited about the
increased attention to security!

------
pabs3
I heard a rumor that Apple has never paid out any money in their invite-only
bug bounty days. This 2018 article seems to suggest that is true. Does anyone
have any data to the contrary?

[https://www.vice.com/en_us/article/7xqdxe/google-project-zer...](https://www.vice.com/en_us/article/7xqdxe/google-project-zero-hacker-iphone-bug-bounty)

------
zemnmez
Critically, there's no information about whether reporters are allowed to
disclose, which usually means that Apple is going to hide any seriously
damaging vulnerabilities...

~~~
saagarjha
There's this:

> Not disclose the issue publicly before Apple releases the security advisory
> for the report. (Generally, the advisory is released along with the
> associated update to resolve the issue). See terms and conditions.

No guarantees, then.

