{"id":26190,"date":"2019-08-06T16:21:21","date_gmt":"2019-08-06T20:21:21","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=26190"},"modified":"2021-07-13T11:55:45","modified_gmt":"2021-07-13T15:55:45","slug":"hacker-friendly-iphones-and-mac-bug-bounty-program","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2019\/08\/06\/hacker-friendly-iphones-and-mac-bug-bounty-program\/","title":{"rendered":"Hacker-Friendly iPhones and Mac Bug Bounty Program"},"content":{"rendered":"<p><a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2019\/08\/05\/apple-is-giving-out-hacker-friendly-iphones-plots-mac-bug-bounty-sources\/#f52a07f4f095\">Thomas Brewster<\/a> (via <a href=\"https:\/\/twitter.com\/patrickwardle\/status\/1158492889044750338\">Patrick Wardle<\/a>):<\/p>\n<blockquote cite=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2019\/08\/05\/apple-is-giving-out-hacker-friendly-iphones-plots-mac-bug-bounty-sources\/#f52a07f4f095\">\n<p>Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It&rsquo;ll also be announcing an Apple Mac bounty, so anyone who can find security issues in macOS will get rewarded, sources claimed.<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/stroughtonsmith\/status\/1158551587813502976\">Steve Troughton-Smith<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/stroughtonsmith\/status\/1158551587813502976\">\n<p>What could a pre-jailbroken iPhone from Apple look like? I would have to imagine it has debug symbols (+ no dyld cache) and the ability to attach a kernel debugger, maybe even SSH, and is surely very securely provisioned and locked to your dev account with strict usage rules<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/CastIrony\/status\/1158550720825532418\">Joel Bernstein<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/CastIrony\/status\/1158550720825532418\">\n<p>Uh, can you provide non-current-OS iPhones to devs?<\/p>\n<\/blockquote>\n\n<p><a href=\"https:\/\/twitter.com\/radian\/status\/1144021692131364864\">Ivan Krsti&#x107;<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/radian\/status\/1144021692131364864\">\n<p>Very excited to <a href=\"https:\/\/www.blackhat.com\/us-19\/briefings\/schedule\/#behind-the-scenes-of-ios-and-mac-security-17220\">return to the Black Hat stage<\/a> this year to talk about some world-class Apple security features! iOS code integrity and Pointer Authentication Codes, Mac secure boot with the T2 Security Chip, the crypto behind the Find My feature, and more.<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/06\/14\/how-find-my-works\/\">How &ldquo;Find My&rdquo; Works<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2019\/02\/07\/keysteal-mac-keychain-exploit\/\">KeySteal Mac Keychain Exploit<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2016\/08\/15\/apple-security\/\">Apple Security<\/a><\/li>\n<\/ul>\n\n<p id=\"hacker-friendly-iphones-and-mac-bug-bounty-program-update-2019-08-08\">Update (2019-08-08): <a href=\"https:\/\/twitter.com\/rmogull\/status\/1159554444108808193\">Rich Mogull<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/rmogull\/status\/1159554444108808193\">\n<p>Basically, Apple will be releasing to authorized applicants a version of iOS devices with a research chain and appropriate hooks already installed. Think an iPhone already with a shell on it for research, no jailbreak needed.<\/p>\n<\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/rmogull\/status\/1159552166584963072\">\n<p>Talking bug bounties now. Current program was iOS and iCloud only and invite only with a max payout of $200K.<\/p>\n<p>They received 50 high value reports.<\/p>\n<p>Just opened up to all researchers.<\/p>\n<\/blockquote>\n<blockquote cite=\"https:\/\/twitter.com\/rmogull\/status\/1159553426998476800\">\n<p>Massive jump in Apple bug bounties. Now payouts for pre release (with a 50% bonus).<\/p>\n<p>Up to $1M for a zero click full chain kernel code execution!!!<\/p>\n<p>Releasing a vuln research kit with ssh and more on iOS. Full chain access device (yes a supported hardware platform).<\/p>\n<\/blockquote>\n\n<p id=\"hacker-friendly-iphones-and-mac-bug-bounty-program-update-2019-08-13\">Update (2019-08-13): See also: <a href=\"https:\/\/www.macrumors.com\/2019\/08\/08\/apple-bug-bounty-program-improvements\/\">MacRumors<\/a>, <a href=\"https:\/\/news.ycombinator.com\/item?id=20649470\">Hacker News<\/a>.<\/p>\n\n<p><a href=\"https:\/\/twitter.com\/KrauseFx\/status\/1159836570989416449\">Felix Krause<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/KrauseFx\/status\/1159836570989416449\">\n<p>I found a security issue with the iTunesConnect backend, where I could access the full build information unreleased builds (e.g. internal TestFlight) of any app available.<\/p>\n<p>Reporting it was a pain, it took forever. They fixed it within 4w. I never heard back. I never got thanked.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Thomas Brewster (via Patrick Wardle): Later this week, at the Black Hat security conference in Las Vegas, Apple is to announce plans to give security researchers special iPhones that will make it easier for them to find weaknesses in the smartphone, Forbes has learned. It&rsquo;ll also be announcing an Apple Mac bounty, so anyone who [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2019-08-06T20:21:25Z","apple_news_api_id":"58dfc0a1-a3bf-4514-8d52-c067708d058a","apple_news_api_modified_at":"2021-07-13T15:55:48Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAABA==","apple_news_api_share_url":"https:\/\/apple.news\/AWN_AoaO_RRSNUsBncI0Fig","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[38,2098,131,31,85,653,30,1609,48],"class_list":["post-26190","post","type-post","status-publish","format-standard","hentry","category-technology","tag-apple","tag-apple-security-bounty","tag-bug","tag-ios","tag-iphone","tag-itunes-connect","tag-mac","tag-macos-10-14","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=26190"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26190\/revisions"}],"predecessor-version":[{"id":26274,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/26190\/revisions\/26274"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=26190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=26190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=26190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}