Apple opens its bug bounty program to all white hat hackers

As announced in August, Apple has now announced the opening of its invite-only bug bounty program to all security researchers.

Apple has now announced the opening of its invite-only bug bounty program to all security researchers. The tech giant will pay white hat hackers that will report security flaws in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud.

In August, at the Blackhat cybersecurity conference, Apple announced a few major changes to its bug bounty program including the opening to any researcher.

The most striking change is related to the payout for the rewards, the
maximum reward passed from $200,000 to $1 million. This is the biggest payout for a bug bounty program operated by a tech company.

Apple will pay up to $1 million rewards for a zero-click kernel code execution vulnerability zero user clicks,  that could be exploited by an attacker to take over a device.

On top of the maximum reward of $1 million, the tech giant announced it will also offer a supplementary bonus of 50% to those experts who report security issues in beta version software before its public release.

Until now the Apple’s bug bounty program only rewarded researchers that reported vulnerabilities in the iOS mobile operating system.

Apple’s decision to extend the bug bounty program and increase the rewards is very important. Let’s consider that since now the best way to earn money for a bug hunter was to sell the exploits to zero-day broker firms like Zerodium. These companies historically offered greater rewards for working zero-day exploits for popular software like iOS and the Tor Browser.

Pierluigi Paganini

(SecurityAffairs – Apple, hacking)

Share On