[HN Gopher] Apple Security Bounty. Upgraded
___________________________________________________________________
Apple Security Bounty. Upgraded
Author : crecker
Score : 76 points
Date : 2022-10-27 20:09 UTC (2 hours ago)
(HTM) web link (security.apple.com)
(TXT) w3m dump (security.apple.com)
| AJRF wrote:
| Apple's copywriters make everything the brand says sound smug.
| E.g.:
|
| "iPad. Loveable. Drawable. Magical"
|
| "iPhone 14 Pro. Pro. Beyond"
|
| And now:
|
| Apple Security Bounty. Upgraded.
| dagmx wrote:
| This is also part of a new Security Research page
| https://security.apple.com
| capableweb wrote:
| > Shell access is available, and you can run any tools, choose
| your own entitlements, and even customize the kernel.
|
| Wow, I want one of these just for fun, sounds like what I want my
| normal iPhone to be able to do
|
| > Have a proven track record of success in finding security
| issues on Apple platforms, or other modern operating systems and
| platforms.
|
| Well, that put a stop to my dream...
| bumblebritches5 wrote:
| brian_herman wrote:
| Wow the Security research device looks awesome!
| https://security.apple.com/research-device
| klabb3 wrote:
| Looking at the list of approved countries.
|
| Israel not present. Probably because of NSO. Quite hilarious.
| ChrisMarshallNY wrote:
| They discussed that, at one of the latest dub-dubs. I think
| last year.
|
| It's basically an "officially cracked" iPhone.
| londons_explore wrote:
| > we've grown our team and worked hard to be able to complete an
| initial evaluation of nearly every report we receive within two
| weeks, and most within six days.
|
| At other big tech companies, an initial evaluation of a security
| report will be done in 15 minutes... And if it's important,
| people will be woken up and a workaround will probably be
| deployed in a matter of hours...
|
| For example, the Google security bug form[1] says "This option
| might really get someone out of bed."
|
| [1]: https://www.google.com/appserve/security-bugs/m2/new
| lapcat wrote:
| This statement did seem strange. However, I sent in a report to
| Apple Product Security a week ago, and I received a personal
| response within 48 hours saying that they reviewed my report.
| st3fan wrote:
| This is nonsense. Nobody verifies security reports of any
| significance in 15 minutes.
| runjake wrote:
| It's a lot of talk, but I doubt Apple's honesty here.
|
| See also Gui Rambo getting a measly $7,000 for a couple of fairly
| serious vulnerabilities.
|
| https://news.ycombinator.com/item?id=33348013
| twosdai wrote:
| Yeah I love the idea of bug bounties, however there is this
| issue created when the provider cannot offer the most
| competitive price for bounties. It's no secret that nation
| states will pay more than Apple will for vulnerabilities.
| [deleted]
___________________________________________________________________
(page generated 2022-10-27 23:00 UTC)