Apple is so confident in the level of security of its Private Cloud Computing that it will reward anyone who manages to breach it up to $1 million.
Apple Intelligence is one of the most important efforts from the Apple brand to offer the best artificial intelligence in the world on Cupertino devices. Although it was criticized, both for its late arrival and for the late launch of the announced functions, What cannot be criticized is the level of security it has implemented for its users and requests.
Apple will reward you if you manage to find a vulnerability in its CCP
Let us remember that processing requests that users make with Siri or the use of Apple Intelligence will be done on the device. If more powerful processing is required, the request should be sent to cloud servers which in this case is part of Private Cloud Compute. Apple’s security guarantee states that The data will only be used to respond to the requestthey will not be stored and no one will be able to access them.
Craig Federighi, head of software at Apple, is aware that the brand’s strategy is to implement AI functions when they are really ready. They are so confident in the level of security they offer that they have invited hackers and security professionals to challenge the security offered by PCC..
Apple Private Cloud Computing
According to the Apple Security Bounty rewards program:
We are deeply concerned about any risks to user privacy or security, which is why we will consider any security issues that have a significant impact on PCC. We will evaluate each report based on the quality of what is presented, the evidence of what can be leveraged, and the impact on users.
In this sense, The awards program has been expanded and categories announcedalready existing, like new, which we present to you below:
- Accidental data disclosure: vulnerability that causes a unintentional data exposure
- External compromise due to user requests: vulnerabilities allowing external actors exploit user requests to gain unauthorized access to PCC
- Physical or internal access: vulnerabilities where access to internal interfaces allows the system to be compromised
Amounts vary from $50,000 to $1,000,000.
Apple Intelligence in its presentation at WWDC 2024
The categories are divided into two, The least rewarding is the attack category on network data requests. Disclosure of data rewards $50,000, ability to execute code rewards $100,000, and requests for access to user data up to $150,000.
The category that rewards the most is remote attack on requested data. Accessing user data via request earns $250,000 while Arbitrary code execution is the maximum reward of $1,000,000.
Apple says it will review any security issues impacting PCCeven if it is not part of the published categories and will be rewarded. It will be evaluated based on its quality, evidence of vulnerability and the impact it represents on users.
Learn more about private cloud computing (PCC) security research.
You can follow iPadized on Facebook, WhatsApp, Twitter (X) or check out our Telegram channel to stay up to date with the latest tech news.
