Apple opened up its bug bounty program to all its operating systems Thursday. What is more, it is offering security researchers payouts of up to $1.5 million for their finds (via AppleInsider).
Bug Bounty Payouts Increased
Apple will now offer bug bounty payouts for vulnerabilities found in macOS, watchOS, tvOS, iPadOS, and iCloud. Its head of security engineering and architecture, Ivan Krstic, laid out the plans at the Black Hat conference.
New payouts announced included:
- $1 million – full-chain kernel code execution attack that can persist, performed without user interaction.
- $500,000 – zero-click access to high-value user data over a network without user interaction.
- $250,000 – zero-click radio to kernel attack with physical proximity without user interaction.
- $100,000 – lock screen bypass.
Furthermore, the researcher will receive a 50 percent bonus if they find an issue in a pre-release beta and report it to Apple before the public release. That means in total they could receive $1.5 million.
‘Dev Devices to Researchers’
Apple also confirmed reports that it will hand out “dev devices” to some researchers. These give the researcher enhanced access to the device.