{"id":16037,"date":"2019-08-09T06:30:03","date_gmt":"2019-08-09T14:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/08\/09\/news-9780\/"},"modified":"2019-08-09T06:30:03","modified_gmt":"2019-08-09T14:30:03","slug":"news-9780","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2019\/08\/09\/news-9780\/","title":{"rendered":"Apple announces a new iPhone (and you can\u2019t have it)"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/07\/cso_black_hat_hacker_by_matiasenelmundo_gettyimages-823247618_blue_binary_matrix_binary_rain_by_bannosuke_gettyimages-687353118_2400x1600-100802503-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans | Date: Fri, 09 Aug 2019 06:55:00 -0700<\/strong><\/p>\n<p>Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers \u2013 along with huge bounties to anyone informing the company of a new OS vulnerability.<\/p>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Ivan_Krsti%C4%87\" rel=\"noopener nofollow\" target=\"_blank\">Ivan Krsti\u0107<\/a>, Apple\u2019s head of security engineering, provided big insights into Apple\u2019s platform security during his presentation at <a href=\"https:\/\/www.blackhat.com\/us-19\/briefings\/schedule\/#behind-the-scenes-of-ios-and-mac-security-17220\" rel=\"noopener nofollow\" target=\"_blank\">Black Hat U.S. 
2019<\/a>.<\/p>\n<p>He promised much bigger bug bounties, and that an exclusive new \u2018pre-jailbroken\u2019 iPhone for selected security researchers would be made available next year.<\/p>\n<p>The Apple security chief explained that Apple is aware that lots of security professionals want to examine its devices, but that the high degree of protection makes it a time-consuming task.<\/p>\n<p>The pre-jailbroken device lacks some of the layers of security Apple wraps around iPhones, so it is much easier for researchers to explore these systems for security weaknesses.<\/p>\n<p>The device ships with SSH, a root shell and advanced debug capabilities, and will be made available to invite-only members of Apple\u2019s iOS Security Research Device program.<\/p>\n<p>Anyone with a track record of high-quality systems security research on any platform can apply to join this scheme, though Apple will select who it invites.<\/p>\n<p>Similar devices are widely used in Apple\u2019s factories for testing and quality control, which has spawned a black market in them among security researchers, governments and others &#8212; they are often spirited out of factories for sale.<\/p>\n<p>The idea is that by opening up the platform a little, security pros will find it worthwhile to probe it for vulnerabilities and the black market in such devices will erode.<\/p>\n<p>Apple understands the value of security on its platforms.<\/p>\n<p>It also recognizes that security research is a business.<\/p>\n<p>As such, 
it makes sense to motivate researchers to disclose found flaws to the company, rather than to competitors or cyber-criminals.<\/p>\n<p>Reflecting this, Apple has raised its maximum bounty from $200,000 to $1 million, with an additional 50 percent paid to researchers who identify a flaw while an OS is still in beta.<\/p>\n<p>The fee scale varies.<\/p>\n<p>For example, a lock screen bypass will fetch $100,000, user data extraction $250,000, while a network attack with no user interaction that can access high-value user data will net a researcher $500,000.<\/p>\n<p>While it is true to say Apple\u2019s platforms are highly secure, they are not invulnerable, and those flaws that do exist command huge fees on the dark web.<\/p>\n<p>Criminals, governments and other dubious groups will spend millions on ways to break into iPhones, iPads and Macs.<\/p>\n<p>The hope is that by offering more generous bounties, Apple will take some hitherto unknown flaws out of the market and more quickly learn of new ones.<\/p>\n<p>Apple is offering bounties to researchers who can identify security flaws in Macs, iPads, Apple TV, Apple Watch, iOS and iCloud.<\/p>\n<p>Apple\u2019s rebooted bug bounty scheme begins this fall.<\/p>\n<p>Security researchers have been pressing Apple to widen its bug bounty scheme for some time.<\/p>\n<p>After all, Apple only began offering such a scheme in 2016, and even then only to selected researchers and only for iOS.<\/p>\n<p>During his briefing at Black Hat, Krsti\u0107 revealed that Apple has learned of 50 serious vulnerabilities during the three years it has offered a bug bounty.<\/p>\n<p>Apple is now open to submissions from all researchers, not just its invited group.<\/p>\n<p>It makes sense to see this as another big step on Apple\u2019s part to kick back against those who use small exploits in its systems to track users, exfiltrate personal data and undermine security for other <a 
href=\"https:\/\/www.middleeastmonitor.com\/20190114-israeli-company-admits-spying-on-emir-of-qatar\/\" rel=\"noopener nofollow\" target=\"_blank\">egregious ends<\/a>.<\/p>\n<p>A string of in-the-wild iPhone exploits has been reported in recent months.<\/p>\n<p>In July, six critical security vulnerabilities <a href=\"https:\/\/i.blackhat.com\/USA-19\/Wednesday\/us-19-Silvanovich-Look-No-Hands-The-Remote-Interactionless-Attack-Surface-Of-The-iPhone.pdf\" rel=\"noopener nofollow\" target=\"_blank\">originally discovered<\/a> by Google\u2019s Project Zero team were patched in iOS 12.4; these included bugs that could be <a href=\"https:\/\/googleprojectzero.blogspot.com\/2019\/08\/the-fully-remote-attack-surface-of.html\" rel=\"noopener nofollow\" target=\"_blank\">executed remotely<\/a> on a device without user interaction.<\/p>\n<p>As a general rule, it\u2019s not hard to spot a pattern around security releases and major cyber-security events like Black Hat.<\/p>\n<p>You almost always see platform security patches appear just before the event, with another following a little later, patching any fresh vulnerabilities exposed at the show.<\/p>\n<p>This is at least the case on responsible platforms.<\/p>\n<p>Black Hat saw multiple iOS vulnerabilities discussed, many of which were previously disclosed to Apple and patched in iOS 12.4.<\/p>\n<p>With <a href=\"https:\/\/www.applemust.com\/ios-12-is-now-installed-on-c-90-of-all-iphones-apple-claims\/\" rel=\"noopener nofollow\" target=\"_blank\">90 percent<\/a> of current iOS devices now running iOS 12, I\u2019d urge any iPhone, iPad or Mac user to upgrade their systems to the latest version of the OS as soon as they can.<\/p>\n<p>Given the nature of this year\u2019s crop of vulnerabilities, enterprise security chiefs should encourage their IT support teams to expedite approval of the latest software update for installation.<\/p>\n<p>Please follow me on<em>\u00a0<a href=\"https:\/\/twitter.com\/jonnyevans_cw\" 
rel=\"nofollow\">Twitter<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow\">Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3431150\/apple-announces-a-new-iphone-and-you-can-t-have-it.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/07\/cso_black_hat_hacker_by_matiasenelmundo_gettyimages-823247618_blue_binary_matrix_binary_rain_by_bannosuke_gettyimages-687353118_2400x1600-100802503-large.3x2.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Fri, 09 Aug 2019 06:55:00 -0700<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>Apple has announced a new iPhone for 2020, but it will only be made available to a select group of security researchers \u2013 along with huge bounties to anyone informing the company of a new OS vulnerability.<\/p>\n<h2><strong>Probably the world\u2019s most exclusive iPhone<\/strong><\/h2>\n<p><a href=\"https:\/\/en.wikipedia.org\/wiki\/Ivan_Krsti%C4%87\" rel=\"noopener nofollow\" target=\"_blank\">Ivan Krsti\u0107<\/a>, Apple\u2019s head of security engineering provided big insights into Apple\u2019s platform security during his presentation at <a href=\"https:\/\/www.blackhat.com\/us-19\/briefings\/schedule\/#behind-the-scenes-of-ios-and-mac-security-17220\" rel=\"noopener nofollow\" target=\"_blank\">Black Hat U.S. 
2019<\/a>.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3431150\/apple-announces-a-new-iphone-and-you-can-t-have-it.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,10480,21640,10554,714],"class_list":["post-16037","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-ios","tag-macs","tag-mobile","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16037"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16037\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}