The company’s bug bounty is designed to test the security of the servers that process Apple Intelligence requests, according to ”zdnet.com” .
Think you can hack your way into an Apple server? If so, you could score as much as $1 million courtesy of a new bug bounty. Apple revealed a challenge to test the security of the servers that will play a major role in its Apple Intelligence service.
Though much of the processing for Apple Intelligence requests will occur on your device, certain ones will have to be handled by Apple servers. Known collectively as Private Cloud Compute (PCC), these servers need to be hardened against any type of cyberattack or hack to guard against data theft and compromise.
To give people a head start, Apple has published a Private Cloud Compute Security Guide. This guide explains how PCC works with a particular focus on how requests are authenticated, how to inspect the software running in Apple’s data centers, and how PCC’s privacy and security are designed to withstand different types of cyberattacks.
The Virtual Research Environment (VRE) is also open to anyone vying for the bug bounty. Apple has even published the source code for certain key components of PCC, which is accessible on GitHub.
The program is designed to uncover vulnerabilities across three major areas:
– Accidental data disclosure – Vulnerabilities that expose data due to PCC configuration flaws or system design issues.
– External compromise from user requests – Vulnerabilities that allow attackers to exploit user requests to gain unauthorized access to PCC.
– Physical or internal access – Vulnerabilities in which access to internal interfaces of PCC lets someone compromise the system.
Breaking it down further, here are the amounts Apple will pay out for different kinds of hacks and discoveries:
– Accidental or unexpected disclosure of data due to deployment or configuration issue – $50,000
– Ability to execute code that has not been certified – $100,000.
– Access to a user’s request data or other sensitive user details outside the trust boundary – the area where the level of trust changes because of the sensitive nature of the data being captured – $150,000.
– Access to a user’s request data or sensitive information about the user’s requests outside the trust boundary – $250,000.
– Arbitrary execution of code without the user’s permission or knowledge with arbitrary entitlements – $1,000,000.
Read the full art. on ”zdnet.com” .
Related art.:
– Everything to know about Apple’s AI features coming to iPhones, Macs, and iPads – ”zdnet.com”
– Security research on Private Cloud Compute – ”security.apple.com”
– Apple Offers $1 Million To Hack Private Cloud Compute – ”forbes.com”
Photo: ”freepik.com”