Apple is launching a macOS bug bounty program for the first time. Although other big companies, like Google and Microsoft, have been offering bug bounty programs for a long time, Apple had been providing financial rewards only for iOS, and not for Mac.
That new policy comes after the 18-year-old cyber-security enthusiast Linus Henze found the so-called “KeySteal” zero-day macOS vulnerability earlier this year and refused to share the details with Apple because it had no bug bounty program for macOS.
According to Henze, the bug could potentially be exploited by hackers to retrieve sensitive data stored in the Mac Keychain app, which might seriously threaten users’ security.
Meanwhile, Apple is reportedly planning to provide security researchers with special iPhones to make finding security loopholes easier.
Sources quoted by Forbes claim that the new scheme will be part of Apple’s new invite-only bug bounty program, which will be presented at the ongoing Black Hat security conference in Las Vegas.
The scheme is expected to reduce the number of leaked or stolen developer iPhones, which are often sold on the black market for thousands of dollars.
The report also states that the special iPhones will be developer-oriented, allowing the researchers to access many areas of the operating system which are off-limits on commercial iPhones.
“In particular, the special devices could allow hackers to stop the processor and inspect memory for vulnerabilities”, the report states.
Yet, the special devices will not be as open and accessible as the ones available to Apple’s in-house developers and security experts.