Apple has now officially launched a public bug bounty program. All security researchers can now participate.
Apple has often been criticized in the past for its bug bounty program. Until recently, it was invitation-based, but now it is available to all security researchers. Apple's developer website states:
Payments are determined by the level of access or execution the reported issue has achieved, modified by the quality of the report. Issues unique to certain developers or public betas, including regressions, may result in an additional 50% bonus if the issues were previously unknown to Apple. All security issues with a significant impact on users will be considered for payment of the Apple Security Bounty Payment, even if they do not fit into the published bounty categories.
Apple
Another change is the scope. Previously only iOS bugs were rewarded; the new model applies to all operating systems. This means that anyone who finds a vulnerability in iOS, tvOS, watchOS, macOS or iCloud will be rewarded for disclosing the flaw. The maximum amount has risen from 200,000 US dollars to a whopping one million. To receive the maximum amount, however, the vulnerability must allow a latest-generation device to be taken over without user interaction. Security researchers who find such flaws in a beta version can look forward to a 50 percent bonus on the actual payout. If you would like to see the entire table, you can find the link below.