Apple looking for bounty hunters to find and report vulnerabilities in the company’s products

When Apple’s Ivan Krstić appears at Black Hat USA 2016 to lead a session on “Behind the Scenes of iOS Security,” he will discuss the company’s plan to pay huge (up to $200,000) bug bounties to invited researchers who find and report vulnerabilities in certain Apple software. According to 9to5Mac, here’s a breakdown of maximum payments:

  • Secure boot firmware: $200,000;
  • Extraction of confidential material protected by the Secure Enclave Processor: $100,000;
  • Execution of arbitrary code with kernel privileges: $50,000;
  • Unauthorized access to iCloud account data on Apple Servers: $50,000;
  • Access from a sandboxed process to user data outside of that sandbox: $25,000.

Krstić is head of Apple Security Engineering and Architecture, the group responsible for end-to-end security of all Apple products. He has led the design and implementation of key security mechanisms across Apple platforms.

Black Hat USA 2016 is an annual event for security practitioners of all levels, which will run July 30 to Aug. 2 in Las Vegas.