Apple expands its security bug bounty program to include macOS, with a maximum reward of $1 million
Security researchers who have found, are finding, or will find vulnerabilities in macOS will be rewarded by Apple in the near future.
At the Black Hat conference taking place in Las Vegas, USA, the Cupertino giant officially announced that it will expand the scope of its bug bounty program to protect the interests of the security researchers who look for vulnerabilities in the company's software. Instead of applying only to iOS, as it does at present, the bug bounty program will also cover macOS, tvOS, watchOS and iCloud in the near future.
Previously, the bug bounty program applied only to iOS
In addition, the reward will be raised to a maximum of $1 million for serious vulnerabilities, such as security flaws that could lead to a zero-click attack with kernel code execution.
Apple launched its bug bounty program three years ago, and it applied only to iOS. As the name suggests, security researchers are paid for any vulnerabilities they find in Apple's mobile operating system and report in full to Apple. The size of the reward depends on the severity and complexity of the vulnerability.
Although macOS is also an important Apple product with a large number of users worldwide, strangely, the bug bounty program has never applied to it. This made the macOS developer community unhappy. They felt that the effort they spent was overlooked, and after three years, Apple finally had to listen to the community. Once expanded, Apple's bug bounty program will almost certainly apply to macOS, a slightly late but necessary move!
Apple should still further raise the reward level for security flaws that are discovered and reported
In addition, iCloud, tvOS, iPadOS and watchOS will most likely be added to the list of products covered by the bug bounty program. Apple is currently very interested in improving its software products by drawing on outside talent. Apple's bounty for security researchers currently tops out at $200,000 for particularly serious vulnerabilities, but it is expected to increase fivefold to $1 million in the near future.
For example, if you find an iOS vulnerability that allows an attacker to take control of the phone without any user interaction, an amount equivalent to about 23 billion will be yours!
Expanding the bug bounty program is a necessary move. It shows Apple's interest in contributions from outside the company, and it can help convince many security researchers to report more vulnerabilities in Apple software, which in turn will significantly improve product quality and user experience.
However, according to experts, Apple should still raise the reward level for reported security flaws in the coming period. A $1 million reward for a particularly serious security flaw is not trivial, but bugs of this type are often worth more when sold on the black market. That is a problem Apple must seriously consider.
In the past few years, bug bounty programs have been used by many large software companies to make the most of talent outside the organization and thereby improve their products. Examples include Apple, Microsoft and Facebook.
"Security vulnerability hunter" is one of the emerging professions receiving much attention
Thanks to programs of this kind, a new type of career has formed in the security field, which can be described as "hunting system bugs". In short, this is a model that should be replicated. It benefits not only software developers and independent security researchers but also users, because the end product becomes more user-friendly and secure.