[HN Gopher] Apple Security Bounty. Upgraded
___________________________________________________________________

Apple Security Bounty. Upgraded

Author : crecker
Score  : 76 points
Date   : 2022-10-27 20:09 UTC (2 hours ago)

(HTM) web link (security.apple.com)
(TXT) w3m dump (security.apple.com)

| AJRF wrote:
| Apple's copywriters make everything the brand says sound smug.
| e.g.;
|
| "iPad. Loveable. Drawable. Magical"
|
| "iPhone 14 Pro. Pro. Beyond"
|
| And now;
|
| Apple Security Bounty. Upgraded.

| dagmx wrote:
| This is also part of a new Security Research page
| https://security.apple.com

| capableweb wrote:
| > Shell access is available, and you can run any tools, choose
| your own entitlements, and even customize the kernel.
|
| Wow, I want one of these just for fun, sounds like what I want my
| normal iPhone to be able to do
|
| > Have a proven track record of success in finding security
| issues on Apple platforms, or other modern operating systems and
| platforms.
|
| Well, that put a stop to my dream...

| bumblebritches5 wrote:

| brian_herman wrote:
| Wow the Security research device looks awesome!
| https://security.apple.com/research-device

| klabb3 wrote:
| Looking at the list of approved countries.
|
| Israel not present. Probably because of NSO. Quite hilarious.

| ChrisMarshallNY wrote:
| They discussed that, at one of the latest dub-dubs. I think
| last year.
|
| It's basically an "officially cracked" iPhone.

| londons_explore wrote:
| > we've grown our team and worked hard to be able to complete an
| initial evaluation of nearly every report we receive within two
| weeks, and most within six days.
|
| At other big tech companies, an initial evaluation of a security
| report will be done in 15 minutes... And if it's important,
| people will be woken up and a workaround will probably be
| deployed in a matter of hours...
|
| For example, the Google security bug form[1] says "This option
| might really get someone out of bed."
|
| [1]: https://www.google.com/appserve/security-bugs/m2/new

| lapcat wrote:
| This statement did seem strange. However, I sent in a report to
| Apple Product Security a week ago, and I received a personal
| response within 48 hours saying that they reviewed my report.

| st3fan wrote:
| This is nonsense. Nobody verifies security reports of any
| significance in 15 minutes.

| runjake wrote:
| It's a lot of talk, but I doubt Apple's honesty here.
|
| See also Gui Rambo getting a measly $7,000 for a couple of fairly
| serious vulnerabilities.
|
| https://news.ycombinator.com/item?id=33348013

| twosdai wrote:
| Yeah I love the idea of bug bounties, however there is this
| issue created when the provider cannot offer the most
| competitive price for bounties. It's no secret that nation
| states will pay more than Apple will for vulnerabilities.

| [deleted]
___________________________________________________________________
(page generated 2022-10-27 23:00 UTC)