Australia Markets closed

Apple's expanded bug bounty program opens to everyone

Mariella Moon
Associate Editor
Apple

Apple's bug bounty program is now open to all security researchers, and it now also covers macOS, tvOS, watchOS and iCloud. The tech giant's bug bounty used to be invite-only and exclusively offered payouts for iOS bugs. A few months ago, however, the company revealed that it's expanding the program's scope and paying up to $1 million in rewards. Now, the expanded program is live, as Ivan Krstić, Apple's Head of Security and Architecture, has announced on Twitter.

The company has also published an information page detailing the program's scope, rules and rewards -- as you can see, vulnerabilities that could lead to network attacks without user interaction have the highest possible payouts, ranging from $250,000 to $1 million. In order to be eligible for a reward, the issue must be found in the latest publicly available versions of the company's software and, if relevant, the latest hardware.

Researchers who find issues in developer and public betas could also get a 50 percent bonus, probably because discovering them will allow the company to conjure up a fix before they land on most users' devices. As ZDNet notes, though, Apple has pretty stringent requirements to be able to claim rewards, including the submission of functional exploits for the issues being reported.