Spotted a vulnerability in Apple software, but not among Cupertino’s chosen developers tasked with seeking out bugs? No problem. As of today, Apple’s $1.5 million bug bounty program is available everyone who wants to participate. Previously, it was only open to a select few.
The bug bounty means people can earn up to 7-figures for finding weaknesses in Apple software. These could otherwise be exploited by nefarious hackers.
Apple insists it has already patched “many” of the iOS vulnerabilities that were exposed in WikiLeaks’ CIA document dump Tuesday.
Cupertino says it is working to address any identified holes that weren’t already patched, and the company reminds fans that the software built for iPhone boasts the best data security available to consumers.
A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and were told to keep quiet about it for at least six months.
Luyi Xing, a security researcher who helped expose the zero day vulnerability, still has yet to hear back from Apple on a possible fix.
Last week, Adobe created a firestorm of user unrest when it issued a series of security bulletins impacting three applications of its Creative Suite and said that users must pay to upgrade to the latest versions of the apps if they wanted patches that would close the vulnerabilities.
The company was quickly besieged by users, technology professionals, and security experts demanding that it reverse course and offer security patches to users who couldn’t afford the upgrades (or didn’t want to spend the money). Even though company quietly backpedaled and announced it would offer security updates without acknowledging the reason for its about face or offering an apology, the gaffe raises concerns that Apple’s yearly OS X release cycle might lead it down a similar path.
OS X Lion is being hailed by many as the most secure operating system yet, not just from Apple, but in total. In particular, its FileVault encryption rewrite is being widely hailed as one of the most secure, low-overhead ways yet to keep your data safe.
But behind all the talk, there’s a huge security hole in OS X Lion that has been present at least since Snow Leopard. Any Mac with a Firewire port is vulnerable to it, and it’s so easy to exploit that any hacker with physical access to your computer can get your password within minutes.
