Intel Pays Out Highest Bug Bounty Yet at $100,000

Highest Intel Bug Bounty Payout Yet

Vladimir Kiriansky from MIT became the recipient of the highest payout from Intel‘s Bug Bounty Program recently. He has received $100,000 USD for his efforts. While $20,000 or $30,000 bug bounty payouts are not rare, a pay out in the six figures is big news in the hacker community.

Wow! Intel just paid someone $100K as part of their bounty program. Congratulations to "Vladimir Kiriansky" from MIT!!! "BOUNDS CHECK BYPASS STORE – #CVE-2018-3693" https://t.co/GyHj8nGVkI https://t.co/XpdpJzOZCM pic.twitter.com/A38MtGgUCg

— David Schor (@david_schor) July 10, 2018

Intel’s bounty program offers a range of $500 to $250,000 USD. The value of course, depends on the severity of the vulnerability. Payout is greater for products with less survivability, prioritizing hardware, then firmware and finally software in that order. Intel also prioritizes payouts for those with working exploits rather than just simple vulnerabilities.

What Was The Bug Discovered?

Kiriansky discovered that systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information. This is for any attacker with local user access via a speculative buffer overflow and side-channel analysis.

This vulnerability affects most modern operating systems and is not just affecting Intel hardware. AMD and ARM platforms are also vulnerable.

According to Intel, they work with OS vendors and ecosystem partners to develop updates that help protect systems. They recommending that end users and administrators check with their OS vendors. Additionally, applying any available updates as soon as practical.