Apple increases its bug bounty payouts and expands access to all researchers

Apple’s head of security engineering, Ivan Krstić, announced at the Black Hat conference in Las Vegas Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS iCloud and iOS devices.

Apple first introduced its bug bounty program for iOS devices in August 2016, allowing security researchers who revealed bugs in iOS to receive a cash reward. Until now, non-iOS devices were not included in this program, a move that was criticised by the IT security community. 

With the launch of the new bug bounty program, Apple has increased the maximum size of the bounty from $200,000 per discovery to $1million, depending on the flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in software before general release will be eligible for a maximum 50 per cent bonus payout, on top of the standard bounty amount. 

Apple also plans to provide vetted and trusted security researchers and hackers with developer iPhones, to provide deeper access to underlying software and OS that will make it easier to discover vulnerabilities.