Apple has officially opened its Bug Bounty program to all security researchers, after announcing this news at Black Hat Las Vegas earlier this year.
Before today, Apple's Bug Bounty program was accessible by invitation only and covered nothing beyond iOS. As reported by ZDNet, starting today, any security researcher who finds bugs in iOS, macOS, tvOS, watchOS or iCloud will be entitled to receive a cash payment after disclosing the vulnerability to Apple.
Apple has also increased the reward for researchers who discover exploits, from 200,000 to 1.5 million dollars, depending on the nature of the bug reported. For example, a zero-click kernel code execution exploit will yield the maximum reward.
In addition, Apple says it will add a 50% bonus on top of the standard payment for bugs found in beta software, as this allows the company to resolve the issue before the operating system version becomes public. The same bonus is offered for so-called regression bugs: these are bugs that Apple has fixed in the past but that were accidentally reintroduced in a later version of the software.
Apple has posted more information on its website, where you can find details about the Bug Bounty program, as well as the total rewards available to researchers based on exploits discovered.
When submitting reports, researchers should include a detailed description of the problem, an explanation of the state of the system when the exploit is active, and sufficient information to allow Apple to reproduce the problem reliably.
Next year, Apple plans to provide special iPhones for certain developers and security researchers. These iPhones provide deeper access to software and the operating system and make it easier to discover vulnerabilities.
These iPhones will be provided as part of Apple’s upcoming security research program, which aims to encourage other security researchers to disclose vulnerabilities, while providing greater security for end customers.