Apple vastly expands security bounty program: higher payouts, ‘dev’ devices, Mac support

After rumors earlier this week that Apple would expand its bug bounty program, along with expectations that the company would start giving out dev devices like iPhones to security researchers, Apple confirmed at the Black Hat conference today a vast expansion of its bounty program, along with opening it up to all.

Up until now, Apple has restricted its bug bounty program to iOS and limited who can participate in it. One of the first big changes announced today by Apple’s Head of Security for Engineering and Architecture, Ivan Krstić, is that the program will be opening up to include all of Apple’s platforms, even macOS and iCloud.

Going further, the expanded program will be open to all security researchers come this fall, and Apple also shared a list of some of the new payouts, which will go up to $1 million. The original iOS bounty program maxed out at a $200,000 payout.

Bounties for finding bugs that allow Lock screen bypass or unauthorized access to iCloud pay out $100,000. Discovering vulnerabilities that could allow an attack via a user-installed app or network attacks pays up to $250k, while uncovering bugs that would allow network attacks with no user interaction pays up to $1 million. That top payout is reserved for discovering a zero-click kernel code execution with persistence. Finding pre-release bugs can also earn researchers up to a 50% bonus.

Apple also detailed its new iOS Security Research Device program. It will be launching next year and will also be open to all, as long as applicants have a “track record of high-quality systems security research…”

This is what will put dev devices like special iPhones into researchers’ hands. Apple says it is an “unprecedented, Apple-supported iOS security research platform” that features “ssh, a root shell, and advanced debug capabilities.”

Top image via mikeb
