- Apple now offers $ 2 million to zero-click RCE error in its devices
- Zero-click attacks require no user interaction and is often used in cyber-espionage
- Revamped Bug Bounty Program includes new categories, bonuses and payouts up to $ 5 million
If you want to earn a cool $ 2 million all you need to do is discover a zero-click-fermental code performance (RCE) vulnerability in an Apple device.
Yes, it’s as difficult as it sounds, and that’s why Apple doubled the bounty of zero-click-click-clicks, which it previously offered up to $ 1 million in rewards.
Security researchers can also earn a million dollars to find one-click-distant attacks, wireless proximity attacks, broad unauthorized iCloud access errors and webkit utilization of chains leading to unsigned execution of arbitrary code.
“Hitherto unseen” amount
The upgraded rewards come as part of Apple’s new, completely renewed Bug Bounty program with new categories, new reward structure and higher payouts.
Zero-click vulnerable is, as the name suggests, those that can be exploited with zero clicks by the victim’s side. Usually, driving malware on a device requires at least one single click from the victim, such as running a program or giving certain permissions.
Zero clicks are infinitely more dangerous as they can be abused, even if the victim is both conscious and security expert, and does absolutely nothing to put themselves in harm.
An example of a zero-click attack would be to send a specially designed MMS message to the victim that gives attackers access even if the user does not read it. These vulnerabilities are few and far in between and are usually secretly geared by state-sponsored actors dealing with cyber espionage.
“This is an unprecedented amount in the industry and the largest payment offered by any bounty program we are aware of -and our bonus system that provides additional rewards for Lockdown -Mandet Turns and vulnerabilities discovered in Beta Software can more than double this reward with a maximum payout beyond $ 5 million,” said Apple. “
Serious money can also be earned by discovering attacks on locked devices with physical access, app sandbox -flight defects, a -Click webkit sandbox escape error and complete gate guards -without user interaction.
Via Bleeping computer
Follow Techradar on Google News and Add us as a preferred source To get our expert news, reviews and meaning in your feeds. Be sure to click the Follow button!
And of course you can too Follow Techradar at Tiktok For news, reviews, unboxings in video form and get regular updates from us at WhatsApp also.
