Apple’s bug bounty program is still in its infancy and it seems to have hit a roadblock already. Here’s why renowned security researchers are steering clear of selling their exploits to Apple.
iOS Exploits are too valuable to report to Apple
According to several notable hackers, Apple’s bounty is not “enough” for them. They feel they deserve more for cracking the most secure operating system and rightfully so.
Here are the current rates for various vulnerabilities, according to Saurik.
At #BlackHat2016, Apple just announced a new Security Bounty program and has promised to prioritize pushing updates. pic.twitter.com/1jXW1tNMrb
— Jay Freeman (saurik) (@saurik) August 4, 2016
To be very honest, this amount is quite low compared to what information security firms offer, with bounties to the tune of millions. Consequently, hackers avoid Apple and turn to the gray market to sell their valuable exploits.
Companies such as Zerodium and Zimperium, among others, have already offered jailbreak developers a whopping $1.5 million! According to several leaks, even the CIA pays huge amounts of money to buy exploits from hackers.
For this very reason, hackers prefer to go the unofficial route and sell their exploits for a sweet paycheck.
Hoarding Exploits for Further Research
Apple’s operating system is highly secure and security vulnerabilities are extremely difficult to find.
Not all hackers are in it for the money; some of them continue finding exploits for research purposes.
Selling their bugs to Apple means they will be fixed in the very next software update. Hoarding bugs allows jailbreak hackers to combine different bugs and create significantly more powerful exploits. The more powerful the bug, the higher the bounty.
Apple has already invited some of the best iOS hackers in the world, including Luca, to their headquarters in Cupertino. However, nothing fruitful emerged from their meeting as Luca went ahead and released Yalu jailbreak instead of selling his exploits to Apple.
If Apple is really serious about their bug bounty program, they will need to shell out a bit more compared to what they offer now.