Firm offers $500,000 to anyone who can find iOS security flaws



There's money in discovering iOS flaws, it seems!
Photo: Pictures of Money/Flickr CC

Tech security company Exodus Intelligence is offering $500,000 to anyone who can discover and share with them critical holes which exist in iOS 9.3 and above — as well as smaller (but still significant) sums to anyone finding bugs in Google Chrome, Microsoft Edge and Adobe Flash.

Get investigating, folks!
Photo: Exodus

The move comes just one week after Apple upped its security game by creating a bug bounty program offering up to $200,000 to security researchers who find vulnerabilities in the company’s various software platforms.

Exodus’ sum is more than twice what Apple was promising, which itself was double the amount Google previously promised for the discovery of security flaws.

In the case of Apple and Google, initiatives like this exist so that the companies can further improve the security of their products. In the case of Exodus, it notes that it wants to be able to “inform [its] client of critical threats years before the public (and attackers) catch wind of the vulnerability.”

There is another notable difference between Exodus’ and Apple’s bug bounty programs. Apple’s $200,000 bounty is invite-only: to be eligible, a researcher has to have previously disclosed a security flaw to Apple. This is because Apple reportedly consulted with other companies offering similar programs and decided that opening it up to the public would flood the company with reports, many of which could be garbage.

It’s worth noting that the half-million-dollar reward, while enormous, isn’t the biggest such reward that has been offered for an Apple exploit. According to some reports, the FBI paid out more than $1 million to security researchers who volunteered to help crack the San Bernardino shooter’s iPhone. A seven-figure sum was also previously promised by security company Zerodium for a remote exploit for iOS 9.

Still not chump change, though!

Via: ZDNet