We recently commented that some Google security researchers informed Apple that there were six vulnerabilities that affected iOS. As we know, the company has a reward program for those who discover these flaws, which encourages researchers to report them to the company and not to malicious agents.
Apparently, this method is so effective that Apple is willing to invest even more in it and provide security researchers with “exclusive models of iPhones” which make it easier to find iOS weaknesses, according to a new publication from Forbes. According to the news, Apple will announce the news at the security and hacking Black Hat, to take place this week in Las Vegas (Nevada).
It is important to note that these devices are not the same pre-production units that several hackers use to discover some flaws, since, as we reported, these types of devices are smuggled and are not voluntarily delivered by Apple. In addition, only security researchers who participate in the Apple reward program should have access to this hardware.
According to a source familiar with Apple’s plans, such devices «allow the user to do much more than they could on a traditionally locked iPhone».
In this way, it will be possible, for example, to probe parts of iOS that are not “unlocked” on a commercial iPhone; in particular, these gadgets Specials can allow researchers to “freeze” the processor and inspect the device’s memory for vulnerabilities.
In addition to enabling flaws in your system to be discovered even more quickly, this tactic can also hopefully reduce the number of pre-production devices that “leak” into parallel markets.
Failure reward program on macOS
THE Forbes also reported that Apple is expected to launch a new rewards program, this time targeting macOS. As well as the iOS version, the program would include researchers who would report vulnerabilities in the Macs’ operating system and would receive cash, in addition to other benefits.
Such a program is so fundamental that it makes no sense for Apple not to offer it yet for all its operating systems. Last February, for example, a security researcher detailed a flaw in macOS Mojave (10.14.3) capable of giving access to user passwords stored in Key Access (Keychain Access), but he just didn’t share the information with Apple initially due to the lack of a rewards program for macOS.
Apple is also expected to present the new fault reward program found on macOS this week, during Black Hat.
via 9to5Mac
