Updated: December 21, 2019 8:49:28 pm
Apple runs a bug bounty programme, which was previously available only to select researchers invited by the company. It has now opened the programme to all, and will pay security researchers between $1,00,000 and $1 million for finding bugs in the company’s products and reporting them to Apple Product Security.
Under this more open bug bounty programme, the company accepts reports on bugs in iCloud, device attacks via physical access, network attacks with user interaction and more.
To recall, earlier this year at the Black Hat security conference in Las Vegas, the company had offered select security researchers special iPhones, which had an open code, to find vulnerabilities and report them. The original bug bounty programme was started back in 2016 and offered researchers up to $2,00,000 to find and report vulnerabilities in the system.
To be eligible for the Apple Security Bounty programme, the issue must occur on the latest publicly available builds of iOS, iPadOS, macOS, tvOS or watchOS with a standard configuration on the latest publicly available hardware.
To claim the bounty, the researcher should be the first one to report the issue to Apple Product Security and should provide a clear report that includes a working exploit. They should also not disclose the issue publicly before Apple releases the security advisory for the report.
Issues that are unknown to the company and found in the designated developer betas and public betas will result in a 50 per cent bonus payment.