Apple opens bug program for cloud service underpinning Intelligence – Security


Apple has opened a bug bounty program for the compute service that underpins its Apple Intelligence service, offering up to US$1 million ($1.5 million).



The program is designed to put Apple’s private cloud compute (PCC) service through its paces, a step Apple hopes will “build public trust in the system”.

The company has made resources, including a virtual research environment, available to “all security and privacy researchers – or anyone with interest and a technical curiosity.”

The largest bug bounties are reserved for bugs that enable “arbitrary code execution with arbitrary entitlements”, or that allow “access to a user’s request data or sensitive information about the user’s requests outside the trust boundary.”

But Apple added that it “will consider any security issue that has a significant impact to PCC for an Apple security bounty reward, even if it doesn’t match a published category.” 

“We’ll evaluate every report according to the quality of what’s presented, the proof of what can be exploited, and the impact to users,” it said.

It added: “We believe private cloud compute is the most advanced security architecture ever deployed for cloud AI compute at scale, and we look forward to working with the research community to build trust in the system and make it even more secure and private over time.”



Source link