Sun. Sep 20th, 2020

Apple Will Now Pay Up to $1 Million for Reporting Bugs

On Thursday, at the annual Black Hat Conference, Apple announced a few changes to its bug bounty program.


First, the tech giant said that it’s expanding its bug bounty program to include Macs and MacBooks, as well as Apple TV and Apple Watch.


Along with expanding the product list, Apple has increased the maximum reward for discovering vulnerabilities from $200,000 per exploit to $1 million for a zero-click, full-chain kernel code execution attack with persistence.


So what does this mean? Basically, Apple will pay big bucks if security researchers discover a vulnerability that allows attackers to gain complete control of a phone without any user interaction and simply by knowing a target’s phone number.


Apple also said that any researcher who finds a vulnerability in a pre-release build and reports it before general release would qualify for a bonus of up to 50% on top of the reward for the category of vulnerability they discover.


The new bug bounty program will be available later this year.


Additionally, starting next year, Apple will share pre-jailbroken devices with vetted and trusted security researchers and hackers under the new iOS Security Research Device Program, first reported by Forbes.


The program will give researchers access to SSH, a root shell, and advanced debug capabilities, ultimately allowing them to hunt for vulnerabilities at the secure shell level.


By expanding its bug bounty program, Apple hopes to encourage more security researchers to privately disclose security vulnerabilities.