Apple extends bug bounty and provides special iPhones for researchers
Apple wants everyone to know that it’s taking security seriously, and it’s willing to pay for it. The company announced today that it is launching a new bug bounty program that will pay people up to $1 million for discovering and disclosing security flaws in macOS, tvOS, watchOS and iCloud. The company also revealed that it will provide security researchers with special iPhones to help them discover bugs before hackers do, according to Bloomberg. The iPhone program had been rumored earlier this week.
By including its other operating systems, Apple is extending the bug bounty program that it first launched for iOS in 2016. Researchers who discover security flaws that affect platforms other than iOS are eligible to receive payouts as large as $200,000. That is the same amount Apple initially offered as the maximum reward for its iOS program. The company boosted that payout to $1 million today, but only for iOS flaws that allow an attacker to gain full access to an iPhone or iPad without any physical interaction with the device. The company also added a $500,000 reward tier for security shortcomings that allow hackers to access user data.
Extending its bug bounty program to all of its platforms has been a long time coming for Apple, and was perhaps motivated by people withholding disclosure of bugs because of the lack of incentive. Earlier this year, a security researcher revealed that he had discovered a flaw in macOS that could expose user passwords but refused to provide details to Apple because of the lack of a bounty program for the operating system.