View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 12, 2019

Apple Will Pay a Cold $1M for iOS Zero Days: Check Point Says…

Bug bounty programmes are paying out more...

By CBR Staff Writer

Security firm Check Point says it has found a way to hack every iPhone and iPad running iOS 8 right up to betas of iOS 13: that’s approximately 1.4 billion devices.

Demonstrated at DEF CON 2019, the security researchers exploited a vulnerability in the industry-standard SQLite database; tricking a device user searching their contacts into running malicious code that can steal sensitive user data like passwords.

In a 4,000-word report seen by AppleInsider, the company documented how it replaced a part of Apple’s Contacts app, relying on a known, four-year-old bug.

“Wait, what? How come a four-year-old bug has never been fixed?” write the researchers in their document, as reported by AppleInsider.

See also: Invitation Only “Azure Security Lab” Will Pay Out $300k for VM Escapes

“This feature was only ever considered vulnerable in the context of a program that allows arbitrary SQL from an untrusted source and so it was mitigated accordingly. However, SQLite usage is so versatile that we can actually still trigger it in many scenarios,” they wrote. (Critics noted that the exploit would require existing access to the phone, by which point many of your secrets are moot anyway…)

(As one cynic commented on that report: “’m walking down the street, and someone with a MacBook preloaded with hacking and jailbreaking software, and a decent SQL edit tool; a pair of dark glasses with dots painted on them; a small chemistry lab (in case I have a phone with TouchID) and a Lighting cable, lifts my phone from my pocket without me noticing.  Then he yells, “Hey you!” When I turn around, I realise I’m in for the most bizarre four and half hours of my entire life…”

Apple Bug Bounty

The disclosure does, however, come as Apple introduced a substantial bug bounty programme, with Ivan Krstić, Apple’s head of security engineering and architecture, announcing a major overhaul of the company’s bug bounty program late last week.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

It is now available to all security researchers, rather than being invite only, and will include vulnerabilities in macOS, tvOS, watchOS, and iCloud.

A million dollar bounty is up for grabs for proof of a zero-click, full chain kernel code execution attack. Previously the bounty for zero-click vulnerabilities was set at $200,000. The rise comes as Apple zero days continue to fetch a high price on the grey zero day market, where buyers including nation states pay highly for exploits.

Bug Bounty Hunters Primed to Cash In

Apple was the latest to ratchet up bug bounties, following Google and Microsoft in pledging to pay security researchers more.

Google tripled its financial reward for bugs discovered in Chrome this month, with a critical bug now netting $15,000. Google wrote this month: “On Chrome OS we’re increasing our standing reward to $150,000 for exploit chains that can compromise a Chromebook or Chromebox with persistence in guest mode.”

Microsoft meanwhile launched its Azure Security Lab which will pay hunters’ $300,000 if they can demonstrate a functional exploit that enables escape from a guest Virtual Machine (VM) to the host or to another guest VM.

See Also: Europe to Fund Open Source Software Bug Bounty Programme

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU