Apple is expected to unveil a macOS bounty program at the upcoming Black Hat security conference, which takes place in Las Vegas, Nevada, later this week, Forbes reported today.
The Mac bounty program would reward researchers who find critical security issues in the company’s desktop operating system powering Mac hardware. Unnamed sources cited by the publication claimed that it wasn’t immediately clear whether the prizes on offer would be similar to those in the company’s existing bounty program targeting iOS hardware.
Apple declined to comment.
The new bounty initiative would arrive just in time. In February, teenager Linus Henze discovered a major bug in macOS that allowed him to spy on passwords in the system keychain. Problem is, he didn’t provide Apple with details due to the lack of payment. Having a dedicated Mac bounty program would encourage people like Henze to report critical flaws to the Mac maker before they could be exploited in the wild.
Besides, macOS has increasingly been the target of malware and bad actors in the past year or so, even more so given Apple’s focus on protecting user privacy and security. A dedicated macOS bounty program would make Macs largely more secure, a win for both Apple and its end users, commented Patrick Wardle, principal security researcher at Jamf.
Patrick knows this stuff inside out — he’s found numerous issues in macOS thus far.
Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more: https://t.co/ftnHs3iBO5 https://t.co/SzkzTt354z
— Ivan Krstić (@radian) June 26, 2019
Ivan Krstić, who is Apple’s head of Security and Engineering, will give a talk at Black Hat on Thursday titled “Behind the Scenes of iOS and Mac Security,” which promises “unprecedented technical detail” on iPhone and Apple Mac security.
The current iOS bounty program was introduced three years ago, promising a reward of up to $200,000 for any critical vulnerabilities discovered in the mobile operating system powering iPhones and iPads. While some have said that the company’s monetary reward is too low, the company did meet with high-profile hackers in an effort to get the program off the ground.
At the start of this year, the company acknowledged that 14-year-old Grant Thompson, who stumbled upon the Group FaceTime eavesdropping bug, would be rewarded because he reported this critical vulnerability to Apple.
The Forbes piece also mentions that the company will supply participants of the iOS bounty program with special pre-jailbroken iPhone variants that will make it easier for security researchers to suss out hardware and software vulnerabilities.