Apple Opens Bug Bounty Program To Public, $1M Worth Of Rewards

Recently, Apple has opened its bug bounty program to every security expert who is directly related to the process of discoveries of fatal flaws on a number of its operating systems. Also, Apple tends to pay up to $1M or more in the total rewards, according to Ivan Krstić - Apple’s Head of Security and Architecture. 

The bug bounty program had been invited only since its initial come-out in 2016, and it currently covers operating systems beyond iOS. Apple used to announce at the Black Hat conference in August that it was planning to pave the way for the program to everyone, and at that time iCloud, watchOS, macOS, and tvOS were included in the bug bounty list.  

However, the researchers are obligatory to send a detailed description of the flaw which is the major contributor to persuade Apple to reproduce its program. The highest payouts will belong to the researchers discovering bugs that harm multiple Apple platforms, especially if this issue affects its latest devices as well as software. 

Additionally, any flaws found in the beta version will assist the researchers in earning a 50% percent bonus, along with the standard reward. Even more, the top possibly payouts will range from $25.000 to $250.000 for those who likely bypass the lock screen of devices, reach unauthorized access in iCloud and extract confidential data from a locked device.  

The striking feature in this program is the researchers will gain the most lucrative payout if they produce attacks through a device without any action from users namely zero-click attacks. Besides, they are required to submit a complete exploit chain and a report prior to receiving any bounty in this circumstance.

As part of the expanded program, Apple declared that the donation will match the quality of discoveries. Moreover, the submission of valid reports is also included to claim beneficial payment.