Tuesday, August 6, 2019

Hacker-Friendly iPhones and Mac Bug Bounty Program

Thomas Brewster (via Patrick Wardle):

Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It’ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed.

Steve Troughton-Smith:

What could a pre-jailbroken iPhone from Apple look like? I would have to imagine it has debug symbols (+ no dyld cache) and the ability to attach a kernel debugger, maybe even SSH, and is surely very securely provisioned and locked to your dev account with strict usage rules

Joel Bernstein:

Uh, can you provide non-current-OS iPhones to devs?

Ivan Krstić:

Very excited to return to the Black Hat stage this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more.

Update (2019-08-08): Rich Mogull:

Basically, Apple will be releasing to authorized applicants a version of iOS devices with a research chain and appropriate hooks already installed. Think an iPhone already with a shell on it for research, no jailbreak needed.

Talking bug bounties now. Current program was iOS and iCloud only and invite only with a max payout of $200K.

They received 50 high value reports.

Just opened up to all researchers.

Massive jump in Apple bug bounties. Now payouts for pre release (with a 50% bonus).

Up to $1M for a zero click full chain kernel code execution!!!

Releasing a vuln research kit with ssh and more on iOS. Full chain access device (yes a supported hardware platform).

Update (2019-08-13): See also: MacRumors, Hacker News.

Felix Krause:

I found a security issue with the iTunesConnect backend, where I could access the full build information of unreleased builds (e.g. internal TestFlight) of any app available.

Reporting it was a pain, it took forever. They fixed it within 4w. I never heard back. I never got thanked.
