
Apple Gives Hackers a Special iPhone—And a Big Bug Bounty


SOURCE: https://www.wired.com/story/apple-hacker-iphone-bug-bounty-macos/
Summary

Will Strafach, another longtime iOS-focused security researcher, added that it may even incentivize hackers to report bugs to Apple that they might have otherwise sold on the black market, where iOS attacks can often earn seven-figure payouts. Only three years ago did it suddenly shift its attitude toward security researchers, offering bounties as high as $200,000 to researchers who revealed some types of vulnerabilities in the iPhone. But even then, Apple's bug bounty program remained invite-only, open to only a select group of Apple's preferred and trusted researchers. Those black-market bootleg phones, sold for thousands of dollars, offer hackers far more visibility into the deeper guts of the phone without wasting time digging up flaws in its more superficial protections. By offering its new security research devices, Apple has given security researchers—or at least the select few in its invite-only program—a legit device that lets them explore the iPhone's recesses without resorting to the black market. Some researchers have gone so far as to publicly release attacks that exploit vulnerabilities in macOS—such as Henze's Keysteal attack capable of taking passwords from a Mac's keychain and another attack that uses invisible clicks to bypass macOS security prompts—as a kind of protest of Apple's refusal to pay for those desktop bugs. But those embarrassments may have helped push the company to expand its bug bounty program.

As said here by Andy Greenberg