Apple will start providing security researchers special iPhones and will finally launch a bug bounty program for Mac, according to Forbes. Cupertino will reportedly announce those security measures at the Black Hat security conference in Las Vegas later this week in an effort to strengthen its flawed bug bounty program.
Apparently, the tech giant plans to provide researchers part of its invite-only bug bounty program with iPhones that aren’t as locked down as the consumer version. Forbes says they won’t be as open as the ones reserved for the company’s employees, but they might be open enough to give researchers a way to look at the device more closely. The phones could, for instance, give the participants a way to inspect parts of the OS or specific components, such as the memory, to look for vulnerabilities.
In addition, the company is reportedly launching its long-delayed bug bounty program for Mac. Earlier this year, a researcher discovered an exploit that would allow bad actors to grab passwords from login and system keychains without requiring administrator privileges. He refused to tell Apple the vulnerability’s details, however, to protest the fact that its bug bounty program only pays out for iOS bugs and not for macOS ones.
As Patrick Wardle, principal security researcher at Jamf that found several issues in macOS, told Forbes: “If you’re a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer.” Providing rewards to security researchers for uncovering flaws in hardware and software could compel them to report the vulnerabilities to the company, making Apple’s products safer and more secure.
Source: engadget.com