Yes, Apple is offering a bounty of UP TO $200k to expose vulnerabilities within its own products. While that may seem a lot (it would probably take me three years to come by that honestly), I can assure you that to Apple it’s mere pocket change. That’s also the maximum. The bounties start at as little as $25k. This announcement was made yesterday at a Black Hat security conference in Las Vegas by the head of security engineering and architecture at Apple, Ivan Krstić.
This is also a closed program (Apple has better control of leaks that way) but anyone can submit flaws as long as they can prove them. They must have a “working proof of concept” and “disclosure must be coordinated with Apple”. Of course it does. This kind of money really seems to be peanuts compared to what would be available if the exploit was sold to a third party. I’m sure the Chinese would be interested, as well as many others. Timmy didn’t think this through; it would appear that he thinks the Blackhats would come to him when others have already paid out (or offered) millions for iOS exploits and jailbreaks. Just look to the San Bernardino terrorist fiasco and the rumoured $1 000 000 the FBI paid out for that hack. Remember… the only way to make an iPhone closely resemble a smartphone in functionality is to make it completely worthless (security-wise) by jailbreaking it. The bounty program will begin next month with a select few people that Apple has used before.
I think Apple is desperately trying to appear as if they are actively trying to do something about security. If they really cared about the private information that their users shuffle through their clouds and servers, they would have taken an approach more like the one BlackBerry has with DTEK and securing Android.