Apple launches new bug bounty program with up to $1 million bonus for researchers

Apple has quietly launched a new bug bounty program that uses financial incentives to attract more security researchers to Apple product research. Vulnerabilities that researchers find in the latest versions of Apple software, such as iOS, iPadOS, macOS, tvOS and watchOS, are considered valid. Apple will pay researchers high bonuses based on the security level of the vulnerability, including a $1 million bonus for kernel-level vulnerabilities that do not require interaction.

Like the vulnerability programs of other companies, Apple requires detailed proofs-of-concept from security researchers to ensure that the vulnerabilities are real, effective and exploitable. For this reason, if researchers find a vulnerability and provide a proof-of-concept but cannot effectively exploit it, the reward for that vulnerability will be reduced to 50%.

To ensure the security of the latest versions of its software, Apple also details in this program what security researchers should do to maximize their bounty. If a vulnerability affects multiple platforms, the bounty will increase significantly. Researchers should also pay attention to the various test versions of firmware that Apple releases. Beta versions usually bring new features that require more code and are more vulnerable, so Apple recommends that researchers audit this new content. In addition, vulnerabilities that can impact sensitive components of the system, such as the kernel, usually carry a higher security threat level and can therefore earn a larger bounty.

For more information, see the Apple Developer website.