Here's How To Get A Total Of $1 Million From Apple's Bug Bounty Program
Chitanis - Oct 04, 2019
Apple announced that it is expanding its bug bounty program, with rewards that can reach up to $1 million.
Apple products are known for being quite secure, but they aren’t perfect. If you’re a white-hat hacker or an outstanding cybersecurity expert, and you want to test Apple services and devices beyond just iCloud and iOS, you can earn plenty of money.
Ivan Krstic, Apple's director of security architecture and engineering, announced at the Black Hat security conference this year that the company’s bug bounty program is being expanded to include every major Apple platform. What’s more, the program's payouts are increasing.
The bounty program now covers not only iCloud, iPadOS, tvOS, watchOS, macOS, and iOS, but also all devices running these operating systems. If you find a bug, you can earn up to 1 million USD, a considerable increase from the previous maximum of two hundred thousand USD. The high-value rewards for disclosed bugs include:
- One hundred thousand USD for bypassing the lock screen or accessing high-value user data without authorization.
- Two hundred and fifty thousand USD for extracting user data or attacking high-value user data through a CPU side channel.
- One hundred and fifty thousand USD for executing kernel code or accessing high-value user data without authorization with one click.
- Two hundred and fifty thousand USD for one-click kernel code execution, or for a no-click network attack from radio to kernel with physical proximity.
- Five hundred thousand USD for accessing high-value user data without a click.
- One million USD for a full-chain attack that achieves persistent code execution with no user interaction.
Additionally, anyone who discloses a vulnerability in a build that hasn’t been released yet can get a fifty-percent bonus.
Why is Apple increasing the payouts? Doing so encourages more security researchers to investigate Apple products, and at the same time makes it more profitable for them to report vulnerabilities to the company instead of selling them to groups of hackers who would rather use security flaws for bad purposes.
If you are interested in this bug bounty program, visit Apple's official support website for privacy and security vulnerabilities, which has more general information about the program as well as detailed instructions for disclosing bugs.