Published: Tue, August 13, 2019

Apple offers $1 million bounty for spotting iPhone security flaws

CBS News reports it's part of the tech giant's bug bounty program.

As picked up by AppleInsider, security firm Check Point has revealed that it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13.

However, the bigger problem is why the Contacts app is so vulnerable. Whenever you look up information or search for a contact on your device, you are in all likelihood searching an SQLite database. But a known bug that Apple hasn't fixed in four years has been exploited by security researchers to hack the Apple Contacts app and produce malicious results.

Since the Contacts app is a "trusted source" on iOS, once the researchers replaced a specific component of the Contacts app, the malicious code could be activated and carry out the hacker's commands with iOS being none the wiser. They chose to crash the app, but could have built something to steal passwords, say.

According to Mashable's report, people capable of bypassing the iPhone's lock screen while having physical access to the device will be rewarded $100,000, and those who can execute kernel code through an installed app will be paid $150,000. But the usage is so versatile that they can trigger it on many levels.

Apple runs a very tight ship and, like it or not, iOS is considered one of the most secure platforms in the mainstream consumer market.

This year alone has seen Apple exposed by a variety of flaws and vulnerabilities that could impact its users. One of the bugs allowed hackers to gain access to your iPhone or iPad by sending you a text message.

Apple is offering hackers up to $1 million to hack into its iPhones and tell the company how they did it. He declined to inform Apple of the details of the vulnerability, though, to protest the fact that its bug bounty project only pays out for iOS errors and not for macOS flaws.

Back in 2016, Apple launched its first bug bounty program, covering only iOS. The hackers have also built in persistence, which means that a restart won't rid the iPhone of the malware, and thus evades Apple's Secure Boot feature.
