Apple Offers New Bug Bounty of up to $1.5 Million

Dramatic interpretation of a hacker plying his trade

Apple opened up its bug bounty program to all its operating systems Thursday. It is also offering security researchers payouts of up to $1.5 million for their finds (via AppleInsider).

Bug Bounty Payouts Increased

Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference.

New payouts announced included:

  • $1 million – full-chain kernel code execution attack that can persist, performed without user interaction
  • $500,000 – zero-click access to high-value user data over a network without user interaction
  • $250,000 – zero-click radio to kernel attack with physical proximity without user interaction
  • $100,000 – lock screen bypass

Furthermore, the researcher will receive a 50 percent bonus if they find an issue in a pre-release beta and report it to Apple before the public release. That means in total they could receive $1.5 million.

‘Dev Devices to Researchers’

Apple also confirmed reports that it will hand out “dev devices” to some researchers. These give the researcher enhanced access to the device.
