Apple will now pay hackers up to $1 million for reporting vulnerabilities


Apple has just updated the rules of its bug bounty program by
announcing a few major changes during a briefing at the annual
Black Hat security conference yesterday.

One of the most attractive updates is…

Apple has enormously increased the maximum reward for its bug
bounty program from $200,000 to $1 million—that’s by far the
biggest bug bounty offered by any major tech company for reporting
vulnerabilities in its products.

The $1 million payout is reserved for the most severe class of
exploit: a zero-click kernel code execution vulnerability that
enables complete, persistent control of a device’s kernel. Less
severe exploits will qualify for smaller payouts.

What’s more?

From now onwards, Apple’s bug bounty program is not just
applicable for finding security vulnerabilities in the iOS mobile
operating system, but also covers all of its operating systems,
including macOS[1], watchOS, tvOS, iPadOS,
and iCloud.


Since its inception around three years ago, Apple’s bug bounty
program has only rewarded security researchers and bug bounty hunters
for discovering vulnerabilities in the iOS mobile operating system,
and that remains the case until the expanded program comes into
effect this fall.

Are you excited? Here’s a special iPhone that can be
yours…

From next year, Apple will also provide pre-jailbroken iPhones
to a selection of trusted security researchers as part of the iOS
Security Research Device Program. The new program was first
reported[2] by Forbes.

These devices will have far deeper access than iPhones available
to everyday users, including ssh access, a root shell, and
advanced debug capabilities, giving researchers shell-level access
for vulnerability hunting.

Though anyone can apply to receive one of these special iPhones
from Apple, the company will hand out only a limited number of
these devices and only to qualified researchers.

Not compelling enough? Bonus rewards are also waiting for
you…

On top of its maximum reward of $1 million, Apple is also
offering a 50% bonus to researchers who find and report security
vulnerabilities in its pre-release software (beta version) before
its public release—bringing its maximum reward to $1.5 million.

Applications for Apple’s revised bug bounty program open later this
year, and the program will be open to all researchers rather than
to a limited number of security experts approved by Apple.

The expansion and massive boost in the payout of Apple’s bug
bounty program are likely to be welcomed by security researchers
and bug bounty hunters who currently either publicly[3] disclose
vulnerabilities[4] they discovered in Apple products[5] or sell
them for profit to private vendors like Zerodium[6], Cellebrite[7],
and Grayshift[8], who deal in zero-day exploits.

References

  1. macOS (thehackernews.com)
  2. reported (www.forbes.com)
  3. publicly (thehackernews.com)
  4. vulnerabilities (thehackernews.com)
  5. discovered in Apple products (thehackernews.com)
  6. Zerodium (thehackernews.com)
  7. Cellebrite (thehackernews.com)
  8. Grayshift (thehackernews.com)
