KEY POINTS

  • Apple officially launches its Bug Bounty Program
  • Apple rewards as much as $1 million and an additional 50% for the security researcher who can discover zero-click kernel code execution with persistence and kernel PAC bypass
  • Apple also plans to give specially made iPhones to security researcher to help dive deeper into the OS and software of the company

Apple officially opened its bug bounty program to all security researchers following its expansion plan announced at the Black hat conference earlier this year in Las Vegas. Previously, the bug bounty program of the Cupertino company did not include non-iOS devices and was invitation-based only. Starting today, any security researcher that can locate bugs in the macOS, tvOS, iOS, watchOS, iCloud, and iPadOS is eligible to get a cash payout for reporting the vulnerability to the Cupertino tech giant.

Interestingly, Apple increased the maximum amount of the bounty from $200,000 for every exploit to a staggering $1 million relative to the nature of the security flaw discovered. The maximum bounty of $1 million will go to the security researcher who can disclose a Zero-click kernel code execution with persistence. Apple states it will give an additional 50 percent bonus aside from the standard payout for bugs discovered in beta software.

These beta bugs enable Apple to resolve the issue before the OS version goes live to the public. Additionally, the company is offering the same amount of bonus for ‘aggression bugs. These are the bugs that the Cupertino company already fixed in the past, but are reintroduced inadvertently in the later build of the software. 

New Apple FaceTime Bug Discovered A new FaceTime bug allows people to listen to other user's microphone without them knowing. Pictured: Apple logo is seen on a mobile phone. Photo: Omar Marques/Getty Images

Apple details the information of its latest bug bounty program, including the full rewards breakdown on its official website. In 2020, Apple aims to offer trusted and vetted security researchers and hackers with ‘dev’ iPhones or specially made iPhones that allow deeper dive access to the software and operating system of the company. Moreover, it will allow for easier detection and discovery of vulnerabilities.

These specially made iPhones will be given as part of the company’s upcoming iOS Security Research Device Program. The forthcoming program hopes to more hackers and security researchers to disclose exploits and vulnerabilities, which would lead to more safe and secure devices for the public.

Apple is not the only tech company offering the bounty program. In fact, the majority of tech giants have programs and systems in place to encourage discoveries of security vulnerabilities in return for significant financial rewards.