Apple Bug Bounty Program Now Open To All, Reward Increased Up To $1.5 Million
Apple has opened a new bug bounty program to any and all security researchers who want to get in on the action.
Previously, Apple’s bug bounty setup was available only to specific researchers who had been invited by the company. But now anyone who finds a bug in iOS, macOS, tvOS, watchOS, or iCloud may be eligible to receive cash if they disclose it to Apple.
As part of the new changes, Apple has also increased the maximum bounty from $200,000 per exploit to a massive $1 million, depending on the flaw that has been discovered. For those wondering, zero-click kernel code execution will get you the maximum payout.
Apple also says that it will add a 50% bonus to the payouts if someone spots an issue in beta software. That would allow Apple time to get the issues fixed before the software finds its way into the hands of the public. And importantly, it means those discovering the bug could potentially be in for a $1.5 million payday.
The goal of the Apple Security Bounty is to protect customers through understanding both vulnerabilities and their exploitation techniques. Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount. Reports lacking necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all.
Apple has outlined the full program, payouts, and requirements on its developer website.