Apple is opening its bug bounty program to all security researchers as well as increasing the systems they are often reported for. And hoo buddy, Apple is prepared to slip them a pretty significant chunk of change for it, too.
Apple’s head of safety for engineering and architecture Ivan Krstić tweeted the information Thursday (the move was previously introduced at Black Hat this year). In a discover on its developer website, Apple notes the Safety Bounty program for iOS, iPadOS, macOS, tvOS, or watchOS. As ZDNet noted, Apple’s bounty program was beforehand invitation-only and individually extended to security points with iOS.
To be eligible, the person should be the first person to report the bug to Apple Product Security; they have to hand over a report that includes a working exploit (Apple says it can solely pay as much as 50 percent of the award without one). They should hold the issue beneath wraps until Apple makes an official security advisory. For this, they will be paid generously.
The maximum payout might be wherever from $100,000 for identifying lock display bypasses and illegal entry to iCloud data on the company’s servers to a whole lot of thousands of and as much as $1 million for varied one-click and zero-click scenarios. According to Apple, there’s a $5,000 minimum payout throughout its varied categories. And positive, Apple may be playing catch-up right here. However, that is a lot of cash, even by the requirements of other bounty programs.