Apple offers $1 million to hackers who can breach intelligence servers

Oct 29, 2024

Apple has announced a bug bounty program offering up to $1 million to anyone who successfully hacks into the servers behind its upcoming Apple Intelligence service.

Revealed last week, the program aims to rigorously test the security of servers that will process certain Apple Intelligence requests, a vital part of Apple’s AI-powered service set to officially launch next week.

To enhance the security of its Private Cloud Compute (PCC) servers, where data processing will occur when requests exceed a device's capabilities, Apple is inviting security experts, hackers, and researchers to identify potential vulnerabilities.

Apple has taken proactive steps ahead of this launch, including opening its servers to privacy experts for inspection and deploying a Virtual Research Environment (VRE) for security analysis.

For added support, Apple has published a Private Cloud Compute Security Guide detailing PCC’s architecture, including how requests are authenticated, how software runs securely in Apple’s data centers, and PCC’s defense against cyberattacks.

This guide offers critical insight into Apple’s data-handling protocols, designed to resist unauthorized access and safeguard sensitive user data.

With its VRE, Apple allows participants to dive deeper into the inner workings of PCC’s software in a Mac-based environment.

The VRE enables researchers to inspect each PCC software release, analyze security updates, and even interact with the source code, some of which Apple has published on GitHub.

The million-dollar bounty is organized to address vulnerabilities across three key areas:

  1. Accidental Data Disclosure: Flaws that could lead to inadvertent data exposure due to server configuration or design errors.
  2. External Compromise from User Requests: Vulnerabilities that would allow attackers to exploit user requests and gain unauthorized access to PCC.
  3. Physical or Internal Access Breaches: Flaws in the internal interfaces of PCC that could allow unauthorized individuals to compromise the system.

However, Apple promises to consider awarding money for any security issue that significantly impacts PCC even if it doesn't match a published category.

In such cases, the company will evaluate your report based on the quality of your presentation, proof of what can be exploited, and the impact on users.

More about Apple's bug bounty program and instructions for submitting research are available on the Apple Security Bounty page.
