Views: 44
Thank you for reading this post, don't forget to subscribe!
Apple has opened up its Private Cloud Compute (PCC) to researchers, offering up to $1 million to anyone who finds a hole in the secure cloud platform that supports its Apple Intelligence features. The first handful of Apple Intelligence features are about to roll out sometime this week.
[W]ith Apple Intelligence, the iPhone maker processes as much data as possible on the device. For more complex requests, Apple’s Private Cloud Compute runs on the the company’s own silicon servers. Built with custom Apple silicon and a hardened operating system designed for privacy, Apple calls PCC “the most advanced security architecture ever deployed for cloud AI compute at scale.”“In the weeks after we announced Apple Intelligence and PCC, we provided third-party auditors and select security researchers early access to the resources we created to enable this inspection, including the PCC Virtual Research Environment,” Apple explained in a new blog titled Security research on Private Cloud Compute. At the same time, the iPhone maker is expanding its Apple Security Bounty to include PCC, with “significant rewards” for reports of issues with its security or privacy claims.
Apple’s bug bounty for PCC is pretty generous. For major holes, which it categorizes as allowing “remote attack on request data,” it is offering $1 million for arbitrary code execution flaws. Meanwhile, access to a user’s request data or sensitive information outside the trust boundary offers a still rather generous $250,000 reward.
For attacks requiring a “privileged position” — access to someone’s iPhone — Apple is offering $150,000 for flaws allowing access to a user’s request data or other sensitive information about the user outside the trust boundary.
Via: Forbes