Companies should focus heavily on this.. especially with all the hacking by state actors like Mossad going on.
Mossad and CIA and other State agency exploits aren’t easily getting exposed with this. This is for the mercenary level spyware sold by companies in Israel and other nations like the USA. The funding and importance of the agency level exploits are more than is being offered by Apple.
 
Absolutely right. This is something that many people just don't appreciate. There is money to be made in finding vulnerabilities and those doing so may wish to sell to the highest bidder, rather than doing the right thing. All companies that create software or hardware that will eventually become the target of hackers should be offering a bug-bounty program. Because if they don't pay for the information, someone else will.
Already happens a lot.
 
How much safer in relative terms does the new memory security in the 17 series help preventing malware etc?

I have no idea how big or small a deal that is…
 
What information are we talking about being worried about?

Despite all of our concerns about it, one way or another it seems like those that want to know have figured out who we are, where we are, where we go, what we do, what we buy, our SS #, all our vitals and family tree, our credit risk, net worth, assets on hand, if you're sick, if you're pregnant .. on and on and on..

What info are we protecting exactly?
Just credit card numbers from fraud I guess?

Don't misunderstand me -- I want to protect it all!
It just seems like we are largely running plays after the game already ended.
Debit card numbers and fraud. I couldn’t care less if someone tries to defraud my credit card company. They will take care of it because it’s their problem and they have been collecting 2-4% on all my purchases for decades.

That’s why I refuse the Debit feature.
 
Debit card numbers and fraud. I couldn’t care less if someone tries to defraud my credit card company. They will take care of it because it’s their problem and they have been collecting 2-4% on all my purchases for decades.

That’s why I refuse the Debit feature.

Smart - agree with you on that particular one for sure.

I've started using a Future debit card as a go between (load value as I need it).
I really only got it for the 10% cashback on EV charging
 
I think the overall culture shift at Apple is now for others to fix things. A bug bounty program is great as a supplement, but not releasing high quality software from the get go for what Apple charges seems to be mitigating that extra price you pay for a smooth operation.

Any evidence that Apple has made a "shift" "for others to fix things" and that this isn't, as you say "a supplement?"
 
You know what really grinds my gears about Apple and this new bug bounty program update? The ghost of Steve Irwin.
 
I use macOS. Do I trust that my information is 100% secure? No. If I was using Linux (which I won’t be) would I trust it 100%? No.

In my opinion, 100% trust is not possible. I don't even do that with myself.

Ultimately, it boils down to the question of whether, given the shortcomings and lack of information, there is enough trust to use the product.

I use macOS, for example, because the company has invested a lot of effort in hardware security and control mechanisms in the operating system.
This compensates for the lack of motivation in software quality.

On the other hand, I don't use iCloud Drive. I already rely on E2E encryption. But since Apple treats the product like a folder, without any options for recovery, etc., I prefer not to entrust Apple with any important documents.

The company has done better with Apple Photos, which is why I haven't been able to find an alternative so far.

It's a constant balancing act. There's no such thing as "this company is trustworthy"; it depends on the product.
 
Good to see Apple paying attention to security. Expecting even stronger security features in future versions of the software.
 
Great program, worst execution. There have been so many exploits that have been disclosed and those who find it do not get even remotely what Apple promises them. This is the reason many exploits remain hidden and get sold to higher bidders.
In theory the changes should address that - if you can extract the flag showing that you gained that access then that's the proof for payment. It does remove the arguments about what type of exploit it is - you get the flag, you get the money (assuming that no-one else got it first)
 
2 million is a drop in the bucket for Apple! Nothing to see here.
Is it a drop in the bucket for someone who receives it? Just because a company has a lot of money doesn't mean it should give out enormous quantities of money relative to its revenues.
 
Apple has nothing to do with curing cancer! Maybe if Apple put more resources dealing with iOS bugs then people would be more excited.
Maybe not directly, but estimates suggest that more than 40% of cancer cases (some estimates put that number closer to 90% when factoring in various environmental causes, which are not always "lifestyle" related) are due in a large part to what we broadly call lifestyle factors like weight, (lack of) exercise, alcohol, smoking, and more.

The Apple Watch and Apple's health focus are playing a role in reducing cancer rates. There's no data that I'm aware of that suggests how large a role, but it's there if people are maintaining lower weight and higher physical activity because of Apple products or software running on Apple products.
 
Maybe not directly, but estimates suggest that more than 40% of cancer cases (some estimates put that number closer to 90% when factoring in various environmental causes, which are not always "lifestyle" related) are due in a large part to what we broadly call lifestyle factors like weight, (lack of) exercise, alcohol, smoking, and more.

The Apple Watch and Apple's health focus are playing a role in reducing cancer rates. There's no data that I'm aware of that suggests how large a role, but it's there if people are maintaining lower weight and higher physical activity because of Apple products or software running on Apple products.
Your estimates are way out there! That's like saying a gym makes a huge factor in reducing cancer rates. Even healthy people who exercise regularly get cancer.

Also you fail to mention nutrition which is a huge factor in the health of people.
 
Your estimates are way out there! That's like saying a gym makes a huge factor in reducing cancer rates. Even healthy people who exercise regularly get cancer.

Also you fail to mention nutrition which is a huge factor in the health of people.
Those are not my estimates. Here are a couple sources:


"A new study led by researchers at the American Cancer Society (ACS) finds four in 10 cancer cases and about one-half of all cancer deaths in adults 30 years old and older in the United States (or 713,340 cancer cases and 262,120 cancer deaths in 2019) could be attributed to modifiable risk factors, including cigarette smoking, excess body weight, alcohol consumption, physical inactivity, diet, and infections. Cigarette smoking was by far the leading risk factor, contributing to nearly 20% of all cancer cases and 30% of all cancer deaths."

And here's an older one: Katzke, V. A., Kaaks, R., & Kühn, T. (2015). Lifestyle and cancer risk. The Cancer Journal, 21(2), 104-110.

Also, I inferred nutrition in the "and more" part of my comment.

It's completely logical to conclude that by encouraging more physical activity (e.g., Apple Watch), that will improve the quality of life for people and possibly cut down on cancer risk in individuals.

The link between higher physical activity and lower cancer risk has long been demonstrated:

Robert Thomas, Stacey A Kenfield, Yuuki Yanagisawa, Robert U Newton, Why exercise has a crucial role in cancer prevention, risk reduction and improved outcomes, British Medical Bulletin, Volume 139, Issue 1, September 2021, Pages 100–119, https://doi.org/10.1093/bmb/ldab019

So yes, people who have a gym membership and go regularly, on average will have lower risk of cancer. I wrote in my other comment: "if people are maintaining lower weight and higher physical activity because of Apple products or software running on Apple products [they should have lower cancer rates, on average than people who do not maintain lower weight and higher physical activity]".

"Even healthy people who exercise regularly get cancer."

Of course. What's true on average for a group is not necessarily true for an individual. Also, everyone dies, but we can make choices that help us live longer and healthier. We will not ultimately prevent death, however.
 
We don't even know if anyone receives the bounty. It's like a sweepstakes to win a car where the winner is never announced.

Apple has never paid out devs who submitted exploits. This program is nothing more than a scam on white hat hackers
So you're saying Apple is lying?: "Since we launched the public Apple Security Bounty program in 2020, we’re proud to have awarded over $35 million to more than 800 security researchers, with multiple individual reports earning $500,000 rewards."

Where's your evidence that Apple is lying about that $35 million to more than 800 people?

Here is an article about someone who received $50,000 from Apple, which completely negates both comments: https://cybersecurityventures.com/hacker-cashes-in-on-apples-security-bounty-program/

There are reports online of people not receiving payments but that does not mean no one receives payments. Generally people very vocal about something are those who had a bad experience. That gives a biased sample if those are the only voices you listen to.
 
So you're saying Apple is lying?: "Since we launched the public Apple Security Bounty program in 2020, we’re proud to have awarded over $35 million to more than 800 security researchers, with multiple individual reports earning $500,000 rewards."

Where's your evidence that Apple is lying about that $35 million to more than 800 people?

Here is an article about someone who received $50,000 from Apple, which completely negates both comments: https://cybersecurityventures.com/hacker-cashes-in-on-apples-security-bounty-program/
$50,000 is hardly anything close to 2 million. Keep sticking up for Apple.
 
Those are not my estimates. Here are a couple sources:


"A new study led by researchers at the American Cancer Society (ACS) finds four in 10 cancer cases and about one-half of all cancer deaths in adults 30 years old and older in the United States (or 713,340 cancer cases and 262,120 cancer deaths in 2019) could be attributed to modifiable risk factors, including cigarette smoking, excess body weight, alcohol consumption, physical inactivity, diet, and infections. Cigarette smoking was by far the leading risk factor, contributing to nearly 20% of all cancer cases and 30% of all cancer deaths."

And here's an older one: Katzke, V. A., Kaaks, R., & Kühn, T. (2015). Lifestyle and cancer risk. The Cancer Journal, 21(2), 104-110.

Also, I inferred nutrition in the "and more" part of my comment.

It's completely logical to conclude that by encouraging more physical activity (e.g., Apple Watch), that will improve the quality of life for people and possibly cut down on cancer risk in individuals.

The link between higher physical activity and lower cancer risk has long been demonstrated:

Robert Thomas, Stacey A Kenfield, Yuuki Yanagisawa, Robert U Newton, Why exercise has a crucial role in cancer prevention, risk reduction and improved outcomes, British Medical Bulletin, Volume 139, Issue 1, September 2021, Pages 100–119, https://doi.org/10.1093/bmb/ldab019

So yes, people who have a gym membership and go regularly, on average will have lower risk of cancer. I wrote in my other comment: "if people are maintaining lower weight and higher physical activity because of Apple products or software running on Apple products [they should have lower cancer rates, on average than people who do not maintain lower weight and higher physical activity]".

"Even healthy people who exercise regularly get cancer."

Of course. What's true on average for a group is not necessarily true for an individual. Also, everyone dies, but we can make choices that help us live longer and healthier. We will not ultimately prevent death, however.
So you pulled a couple of ChatGPT articles together? You are not an expert on this yet act like you are.
 
$50,000 is hardly anything close to 2 million. Keep sticking up for Apple.
You are moving the goalposts. You wrote: "We don't even know if anyone receives the bounty."

By spending 10 seconds doing a web search and copying a link, I provided evidence that at least one person has received a bounty (unless that person and Apple are lying). That evidence showed people have received a bounty. Apple said, "multiple individual reports earning $500,000 rewards". So unless you have evidence that Apple is lying, how about you stop trying to unfairly stick it to Apple just because you don't like them for whatever reason?
 