Apple announces $200,000 bug bounty program
Unlike many of the other major tech companies, Apple has never had a formal bug bounty program or corporate policy for welcoming outsiders who poke holes in their security features. However, as TechCrunch reports today, Apple’s head of Security Engineering and Architecture Ivan Krstic announced at Black Hat that his company will now offer cash bounties of up to $200,000 for hackers and researchers who find and report security flaws in Apple products.
The announcement came during Krstic’s larger talk about the security features built into some of Apple’s newest services. The company usually sits out the popular security conference in favor of keeping big announcements limited to WWDC. The company now says it has reached the point where its own internal testers and even contract security firms are having difficulty finding more bugs.
According to Securosis CEO and iOS security analyst Rich Mogull, the bounty is “the largest potential payout I’m aware of,” but also fairly limited in scope: the guidelines focus on a very specific set of vulnerabilities and Apple is currently working with a select list of researchers. (Although, the company says if someone outside the initial group finds a bug, they can easily be included in the program.) The highest level bounty covers bugs found in secure boot firmware components, but there are also smaller bounties for gaining unauthorized access to things like iCloud account data — a major talking point after the infamous celebrity photo hack.
While $200,000 might be high for an official corporate bounty program, it’s still only a fraction of a payout like the $1 million the FBI reportedly paid hackers to break into an iPhone owned by one of the shooters involved in the San Bernardino incident last year. And such high bounties can also be detrimental to security research in general. On the other hand, Twitter is a more secure place thanks to some $322,420 in bounties it has handed out over the past two years, and a bug bounty from Instagram made one 10-year-old Finnish kid $10,000 richer.
Microsoft just changed its toy gun emoji to a real pistol
Looks like Microsoft and Apple may not be on the same page about firearm emojis after all. Right after Apple changed its gun emoji to a water pistol in iOS 10, Microsoft replaced its toy pistol emoji with an actual revolver.
Pushed out with its Windows Anniversary Update on Aug. 2nd, the new glyph is part of a major emoji redesign that Microsoft detailed in a blog post. Before this, the company’s representation for a gun looked more like a space toy, while the new image is a more realistic silver-and-grey revolver.

Left – Windows 8.1 gun. Right – New Windows 10 gun. Photo credit: Emojipedia
When asked for the reason behind this change, a Microsoft spokesperson told us, “Our intent with every glyph is to align with the global Unicode standard, and the previous design did not map to industry designs or our customers’ expectations of the emoji definition. We will continue to work with the Unicode Consortium to refine and update glyphs that reflects customer needs, feedback and supports a consistent system that works across the digital world.”
That’s not the only thing Microsoft revamped in its massive update. In addition to introducing more than 1700 new symbols, the new Windows emoji let you mix and match skin tones so you can create more diverse glyph families.
While Apple and Microsoft have gone back to edit their symbols, Google continues to use a pistol in Android keyboards and doesn’t appear to have plans to change this. None of the companies in question have adjusted their knife, sword, bomb, poison and coffin emojis, so… ¯_(ツ)_/¯
Via: Emojipedia
Apple Launches Bug Bounty Program, Offers Up to $200,000 for Software Vulnerabilities Discovered
At today’s Black Hat Conference, an annual event designed for the global InfoSec community, Apple’s head of security engineering Ivan Krstic announced the launch of a bug bounty program that will see Apple paying money to individuals who discover major bugs and security flaws in the company’s software.
Many major technology companies like Google and Microsoft offer bug bounty programs to encourage people to discover and report major vulnerabilities, but until now, Apple has declined to provide a similar program.
At #BlackHat2016, Apple just announced a new Security Bounty program and has promised to prioritize pushing updates. pic.twitter.com/1jXW1tNMrb
— Jay Freeman (saurik) (@saurik) August 4, 2016
According to TechCrunch, Apple’s new bug bounty program is part of Apple’s effort to open up to hackers, researchers, and cryptographers who want to help improve the company’s security.
Apple will be offering bounties of up to $200,000 to researchers depending on the vulnerability that’s discovered. Secure boot firmware components will earn $200,000 at the high end, while smaller vulnerabilities, like access from a sandboxed process to user data outside of the sandbox, will earn $25,000.
Although each category of vulnerability maxes out at the given rate, Apple will determine the exact reward amount based on several factors: the clarity of the vulnerability report; the novelty of the problem and the likelihood of user exposure; and the degree of user interaction necessary to exploit the vulnerability.
Apple plans to launch its program in September. To be eligible for a reward as part of the program, researchers will need to provide proof-of-concept on the latest versions of iOS and the company’s newest hardware. Apple will also encourage researchers to donate their earnings to charity and will match all bug bounty donations.
The program will be invite only for the time being, limited to a few dozen researchers. Apple plans to make it more open as it grows, and if a non-member discovers a significant bug, they’ll be invited to the program.
Latest Apple TV rumor points to a TV guide for video apps
At the WWDC 2016 event, Apple revealed a number of improvements on the way for the Apple TV, including a new feature called single sign-on. That would let cable TV subscribers log in once, and immediately have all their supported apps authorized without needing to log in (often repeatedly) within each individual app. Now Recode cites industry sources saying that Apple is working on a “digital TV guide” for the Apple TV and its other devices that would display content from sources like Netflix and HBO all in one place.
The plan is described as growing from Apple’s previously rumored plan to offer a TV package of its own. In this iteration, Apple wouldn’t sell content, just create a showcase for others, and it has reportedly requested metadata from the providers to fill out its guide.

The Xbox OneGuide at launch in 2013.
If the plan comes to fruition, then Apple will be retreading ground covered by others. Microsoft may have the most ambitious attempt with the Xbox One’s OneGuide that blends live TV and apps while relying on an HDMI passthrough and IR blasters to pull in content from the cable box, but the UI and universal search on devices like Amazon’s Fire TV and the Roku platform serve similar functions.
Apple already set up its move by bringing the Siri remote and voice search with its new Apple TV box, and when it announced single sign-on in June it mentioned the feature would work on iOS as well. The major remaining questions are if customers will be able to use the feature, and if they can, will they want to? On Xbox, Microsoft had limited success working with the cable TV guard. It did manage to get Comcast to allow logging in with HBO Go and other apps, but Comcast killed its Xbox 360 app after a while, and Verizon’s FiOS TV app for Xbox One suffered a similar fate earlier this year.

The revamped OneGuide that launched last year.
Apple’s challenge could be to build a guide that’s easier to access than simply diving into apps like Netflix or Hulu and poking around there. On Xbox, app channels do a good job of highlighting what’s best inside each app, but they’re not especially personal or deep. The OneGuide got a lot of attention during the Xbox One’s initial introduction a few years ago and is a big part of the new experience rolled out at the end of 2015, but it didn’t merit a mention in details of the latest mid-year update.

I don’t even see an app channel for Netflix on my Xbox One, and securing support from such a major provider would be key for Apple to launch any kind of guide. The only problem is getting all of those different providers to accept sharing space in a UI that none of them control — good luck doing that.
Source: Recode
Calvin Klein thinks Apple was paid fairly in Samsung patent case
The exhausting brawl between Apple and Samsung over patents simply refuses to die the horrible, gruesome death it deserves. Samsung is the more bloodied, you may recall, having paid Apple a $548 million settlement for violating a bunch of patents (not that Cupertino is done squeezing money from the Korean company). That big payout is due to be reviewed and potentially reduced by the US Supreme Court, however, with Samsung arguing it shouldn’t have had to hand over every cent of profit it made on devices that were found to specifically infringe Apple design patents. Naturally, Apple disagrees, and now it’s got none other than Calvin Klein fighting in its corner.
The underwear mogul, seminal designer Dieter Rams and architect Lord Norman Foster are some of the better-known names among over 100 signatories of an amicus brief published today by Apple (PDF). These documents are submitted to courts as supporting evidence — supporting Apple’s agenda, in this instance — and often feature the opinions of interested parties that aren’t directly involved in the case at hand. Unsurprisingly, the key takeaway of the report is the Supreme Court shouldn’t revisit the settlement after “the jury properly awarded to Apple all of Samsung’s profits from selling its copycat devices.”
The amicus brief gives us a bitesized history lesson on the importance of product design. Coca-Cola wouldn’t have become “the most widely distributed product on earth” if its contoured bottle hadn’t contributed to its appeal, is one example. Similarly, General Motors would never have outpaced Ford if it hadn’t focused on attractive vehicle designs. The document goes on to argue design has never been more important, since tech products like smartphones all do more or less the same thing. “The iPhone did not fundamentally alter the core functionality of the smartphone.”

Take that quote with a pinch of humblebrag, though, as Apple does go on to say that the design of the iPhone is what elevated it so very far above competing products. Add in a ton of cognitive science research, and the message is that design is basically the only thing that gives a device meaning. A consumer doesn’t see components, features or functionality; their initial impressions are rooted in visual design. In other words, they judge a book by its cover. “Appearance becomes identified with the underlying functional features and with a particular level of product quality and safety.”
“Thus, when a consumer encounters a known product (or an infringing copy), the consumer identifies the look of the product with the underlying functional features.” Apple is saying here: Yes, we were entitled to the total profits from infringing Samsung devices because everything that makes iPhones great is embodied by their design. Samsung was piggybacking on Apple’s legacy, and profiting. “Indeed, Samsung’s infringement covered the most important design elements of the iPhone. The rectangular face with rounded corners, and the home screen with colorful icons…”
This is just Apple’s position, of course, which is apparently shared by numerous designers, relevant academics, experts and the like who would rather not see the value of design patents eroded by a partial refund. “We all share a strong professional interest in seeing that design patent law continues to protect investments in product design.”

Much like lobbying, the extent to which amicus briefs affect court proceedings is indeterminable. This document was put together by Apple in support of Apple’s interests, after all, but it’s also just one to Samsung’s many. In fact, seven pro-Samsung amicus briefs have been submitted thus far, including one undersigned by Google, Facebook, Dell, HP, eBay and other tech companies. You see, there is widespread worry that awarding the total profits for products deemed to violate design patents sets a dangerous precedent.
Samsung likens it to handing over profits on the sale of a car with a patent-infringing cup holder. It’s the obvious counter-argument: That design is just one element of a product, not the be all and end all. Furthermore, such cases could inspire trolls that will attempt to take credit for a complex piece of hardware or software based on one relatively inconsequential design similarity. It’s important to note that even the Department of Justice has chimed in with a (neutral) amicus brief of its own, recommending the case be sent back to a lower court so more evidence can be collected to inform a verdict.
Whichever way the cookie crumbles, it’ll be interesting fuel for patent reform debate, and it’s important that it’ll be decided in the Supreme Court. It’s basically unheard of for design patent cases to be decided at this level — the first in over 120 years, to be more precise.
Source: Apple (PDF)
Gwyneth Paltrow and Will.i.am join Apple’s reality TV show
Planet of the Apps, Apple’s first leap into the TV content pool, just snagged a couple of big names. The show, which will follow an unscripted reality TV format, is set to feature famous lady Gwyneth Paltrow, rapper Will.i.am and digital media personality Gary Vaynerchuk as advisors and mentors to a class of entrepreneurs and app developers.
For the uninitiated, Vaynerchuk was an early luminary on the social web and currently heads up his international Vaynermedia agency as CEO. Will.i.am joined the show as a producer early on, and makes a natural fit because he loves both punny titles and technology. While Gwyneth Paltrow might be better known for promoting moon dust than coding in Swift, she has undeniably re-branded herself as an internet entrepreneur with a successful lifestyle publication and thriving online business. (Also, she and Steve Jobs named their babies after the same fruit.)
The show starts filming later this year, but applications remain open until August 26th — which means developers looking for a little extra exposure for their work will want to buckle down. Chosen contestants need to have their app in working order by October 21st to be eligible. (Betas are OK, though.) In total, 100 developers will make the cut and receive “hands-on guidance” from Will.i.am, Paltrow, Vaynerchuk and other tech and entertainment luminaries. Naturally, they’ll also have the chance to meet with potential backers to discuss investments up to $10 million and possibly see some featured placement in the App Store.
Aside from Planet of the Apps, which looks on track to debut sometime mid-2017, Apple is also working on another piece of original programming: a six-part music documentary with Vice called The Score. But, as Apple senior VP Eddy Cue said earlier this year, the company has no plans to become a production house anytime soon.
Launch of Revamped Apple Store iOS App Appears Imminent
It appears that Apple’s revamped Apple Store app for iOS is set to go live at any moment, as signs of the new app have begun appearing on Apple’s sites and in the App Store.
As noted on Twitter, a new featured banner promoting the app with a color-reversed icon has gone live on the Turkish App Store, while we also spotted it in the United Arab Emirates App Store. The banner text promotes “the new Apple Store app” with “shopping designed around you.”

Earlier today, Apple also added a new “Easily track your order” section to its Shipping and Pickup page, showing off a partial order tracking screen.
The new app should be going live shortly, but Apple has not made any official announcement about its launch plans.
Apple Music for Android is officially out of beta
For the past 10 months, Apple Music’s Android version has been sitting in beta. That changes with the 1.0 update that just hit the Google Play Store today. While the latest version fixes some bugs and adds the long-missing custom equalizer feature, users still won’t be able to get Apple Music running on an Android tablet.
Although it was initially identical to its iOS counterpart, Apple has been slowly adding features to the Android version of its music app to take advantage of non-Apple hardware. Earlier this year, the Android version got a homescreen widget and the ability to save offline music to SD card storage. On the other hand, that missing equalizer was likely a symptom of porting the app from iOS, where that feature is tucked away in the Settings app.
The new version is available via Google Play, and if you’re anticipating streaming Frank Ocean’s latest once it hits the service later this week, the free three-month trial offer still stands.
‘Pokémon Go’ battery saver mode will return to iOS soon
Day by day Niantic Labs keeps tweaking its incredibly popular game, and now Pokémon Go is rolling out to players across Central and South America. No matter where you’re trying to catch ’em all, if you’re on iOS you can expect the “battery saver” mode to return in the next several days. According to a Facebook post it was pulled because of bugs, but now that they’re fixed it’s coming back.
Also, if you were wondering about supposed sightings of Legendary Pokémon Articuno, Niantic says it was real but “erroneous” and the monster has been revoked from those trainers’ accounts. Otherwise, new features and fixes are still on the way, but continuing the game’s worldwide rollout is more of a priority and will probably continue before we see any other rare items pop up. Of course, players also want to know if the 3-step detection legend will return, or access for third-party trackers, but we suspect that’s also on the backburner as developers work to keep the game up and running smoothly.
Source: Pokemon Go (Facebook)
iPad Pro’s Smart Keyboard is available in your local language
The iPad Pro’s Smart Keyboard is arguably its main selling point, but it hasn’t been much good if you aren’t North American — you’ve had to rely on a US English layout so far. Thankfully, you won’t have to go through hoops to type in your native language after today. Apple has released versions of the Smart Keyboard in numerous languages, including many European languages (such as British English, French, German and Spanish) as well as Arabic, Korean, Thai and others. The keyboards you can buy depend on the store you buy from, so you can’t just get one in the language of your choice. Even so, it beats having to use the on-screen keyboard to express yourself.
Source: Apple



