Apple’s bug bounty program prompts frustration in security community


Protect Your Access to the Internet

Apple’s bug bounty program offers $100,000 for attacks that gain “unauthorized access to sensitive data.” Apple defines sensitive data as access to contacts, mail, messages, notes, photos or location data. While Owens’s hack didn’t allow access to those specific areas, Owens and others in the industry argued that the data hackers were getting was, indeed, sensitive. Owens created a hypothetical attack that gave hackers access to the victim’s files. He said in an interview that it could have hypothetically allowed hackers to access corporate servers, if the target computer were used by a corporation. That would be valuable in use for ransomware attacks, for instance.