Apple's bug bounty program, which had been open by invitation only since it launched in 2016, has now been made public to all security researchers. Prizes go up to $1 million or more, depending on the bugs or flaws found. Apple announced at the Black Hat conference in August that it is including iCloud, iPadOS, macOS, tvOS, and watchOS on the bug bounty list.
People looking to participate and win big in the program must submit a detailed description of the issue, along with enough other details to let Apple reproduce or correct it. A bug discovered in beta version software will earn the researcher a 50 percent bonus on top of the standard reward. Bypassing the device’s lock screen can earn $25,000 – $100,000, gaining unauthorized access to iCloud could earn $25,000 – $100,000, and getting sensitive data from a locked device earns between $100,000 and $250,000. The jackpot bugs for researchers will be those that take over a device without any action by the user, called a zero-click attack.
Apple’s bug bounty program is one of the biggest among the tech giants, even though it is still recent, dating from 2016. The program may help Apple with its software launches, given the bugs with iOS 13. Apple also said that it will give donations equal to the bounty payments to qualifying charities and will publicly recognize researchers who submit proper reports.