Apple has just updated the rules of its bug bounty program, the Apple Bug Report program, announcing a few major changes during a briefing at the annual Black Hat security conference yesterday.
One of the most attractive updates is…
$1 million for an iPhone hack
Apple has enormously increased the maximum reward for its bug bounty program from $200,000 to $1 million—that’s by far the biggest bug bounty offered by any major tech company for reporting vulnerabilities in its products.
The $1 million payout will be awarded for a severe exploit: a zero-click kernel code execution vulnerability that enables complete, persistent control of a device’s kernel. Less severe exploits will qualify for smaller payouts.
From now onwards, Apple’s bug bounty program is no longer limited to security vulnerabilities in the iOS mobile operating system; it also covers all of its operating systems, including macOS, watchOS, tvOS, iPadOS, and iCloud.
Since its inception around three years ago, the Apple Bug Report program has rewarded security researchers and bug bounty hunters only for discovering vulnerabilities in the iOS mobile operating system, and this will continue until the expanded program comes into effect this fall.
The full $1 million will go to researchers who can find a hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There’s also a 50% bonus for hackers who can find weaknesses in software before it’s released.