California: Apple has revealed a bug bounty scheme that will pay up to $1 million to the successful hacker of the servers that power its soon-to-be Apple Intelligence service.
A key component of Apple’s AI-powered service, which is scheduled to formally launch next week, the program, unveiled last week, intends to thoroughly evaluate the security of servers that would handle specific Apple Intelligence requests.
Apple is seeking security professionals, hackers, and researchers to find potential flaws to improve the security of its Private Cloud Compute (PCC) servers, which process data when requests exceed a device’s capabilities.
Apple has taken proactive steps ahead of this launch, such as building a Virtual Research Environment (VRE) for security studies and allowing privacy experts to see its servers.
Apple has released a Private Cloud Compute Security Guide that provides additional support by describing PCC’s architecture, including request authentication, software security in Apple data centers, and PCC’s defense against cyberattacks.
Also read: Task Automation: Google to Unveil Project Jarvis AI Model
This guide provides crucial information about Apple’s data-handling procedures, which are intended to prevent unwanted access and protect private user information.
In a Mac-based setting, Apple’s VRE enables users to delve deeper into the inner workings of PCC’s software.
The VRE allows researchers to examine every release of PCC software, examine security patches, and even work with the source code, some of which Apple has made available on GitHub.
The goal of the million-dollar reward is to fix weaknesses in three main areas:
- Accidental Data Disclosure
Errors in server configuration or design that may result in unintentional data exposure are known as accidental data disclosures.
- External Compromise via User Requests
Weaknesses that would enable attackers to obtain unauthorized access to PCC by taking advantage of user requests.
- Physical or Internal Access Breaches
Vulnerabilities in PCC’s internal interfaces that can let unauthorized users compromise the system
Even if a security flaw doesn’t fall under a published category, Apple says it will nevertheless consider giving money for any security flaw that has a major effect on PCC.
Also read: Apple Introduces ‘Apple Intelligence’ Across All Devices
This is where the business will assess your report based on the impact on users, the quality of your presentation, and evidence of what may be exploited.
The Apple Security Bounty page has more details about Apple’s bug bounty program and how to submit research.
