The Number of iOS Exploits has Spiked, while the Payout for Android Zero-Days Skyrocketed
Last updated September 21, 2021
Google Project Zero security researcher Ian Beer recently discovered bugs in iOS that could rake in $1.23 million in bounties from Apple. Unfortunately, Apple’s bounty program is invite-only, unlike similar programs run by other developers, which are open. Because Apple offers double the bounty amount when it is donated to charity, Beer could have received almost $2.5 million if he were part of Apple’s program and donated it to charity.
Project Zero is a Google undertaking that employs security researchers to find bugs in software built by other companies. Google’s developers were responsible for identifying bugs in iOS and offered Apple 90 days to fix the bugs before they would be publicly disclosed. Apple patched the bugs, but Beer claims that Apple did a bad job of fixing them.
Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty? pic.twitter.com/VUKj7BaJ4P
— Ian Beer (@i41nbeer) August 8, 2018
It is unknown why the Google developer went public with his comments about Apple and its handling of vulnerabilities. Beer openly slammed Apple at the end of a Black Hat conference in Las Vegas because the company did not invite him into the bounty program. Apple has not yet made an official statement about Beer’s claims for a bounty.
Researchers can earn far more than Apple’s $200,000 bounties by selling bug reports to governments or firms that crack Apple’s devices. Bounties can go up to $3 million if zero-day exploits are found in either iOS or macOS. If Apple decides to fulfill Beer’s claims, the company will have to donate almost $2.5 million to the charitable organization Amnesty, as per the Google hacker’s demands.