Higher difficulty means higher rewards: The culmination of that work is what Apple now calls Memory Integrity Enforcement (MIE) and is a feature of its new A19 and A19 Pro chips found in its iPhone 17 and iPhone Air lineup. MIE is leveraged in iOS to protect the entire kernel and over 70 userland processes, making memory corruption exploits against these targets much harder to pull off.It is for that reason that Apple has decided to increase the payouts in its bug bounty program. Researchers must now be even more creative and work even harder to get exploit chains to work on the latest Apple devices.Payouts have increased not just for the top remote code execution chains like those used by commercial spyware vendors. Other classes of attacks, many of which rely on memory corruption conditions combined with other flaws, are receiving bounty boosts starting next month:
$500K for application sandbox escapes ($150K previously)$500K for attacks that require physical access to the device ($250K previously)$1M for proximity attacks through the wireless and radio protocols ($250K previously)$1M for one-click remote attack chains that require user interaction ($250K previously)$2M for zero-click remote attack chains ($1M previously)In addition, individual attack chain components or multiple components that cannot be linked together to demonstrate an attack that meets the criteria above will still be eligible for rewards, but with lower payouts.The company has also introduced so-called Target Flags across the OS that, if “captured” by the researcher, would speed up their payout process even before a fix is developed and released. These target flags are designed to prove the attack reached some level of capability such as register control, arbitrary read/write, or code execution and they enable Apple to verify the impact of a submitted exploit programmatically.Additional bonuses can take the rewards even higher. For example, reporting exploits in development or public beta builds are eligible for a bonus because doing so enables Apple to fix issues before the software is pushed to large numbers of devices. Exploits that bypass the iOS Lockdown Mode protections are also eligible for bonuses.
Sending iPhones to activists to counter spyware: Because Apple believes iPhone 17 devices are now much harder to attack by spyware vendors, they are planning to provide 1,000 free devices to civil society organizations to be distributed to individuals around the world who they determine are at high-risk of being targeted with surveillance exploits.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4071044/apple-bumps-rce-bug-bounties-to-2m-to-counter-commercial-spyware-vendors.html
