Vulnerabilities

Apple Bug Bounty Program Expands To Include MacOS and Other Products

Apple bug bounty program

Here comes good news for all researchers who demanded bug bounties for MacOS. Three years back, at Black Hat USA 2016, Apple announced its bug bounty program offering up to $200,000 as payouts. Now, once again, Apple chose the platform of the same event to make another happy announcement. As announced at the Black Hat USA 2019, the Apple Bug Bounty Program will now include MacOS too. Also, they have announced huge payouts for the reported bugs.

Apple Bug Bounty Program Scope Expansion

Reportedly, Apple has announced a major scope expansion in its bug bounty program. The program that previously focused on iOS only will now cover MacOS as well, as demanded by the security researchers for quite a long time.

The news surfaced online after an announcement by Ivan Krstic, Apple’s Head of Security Engineering and Architecture, at the Black Hat USA 2019. Apart from MacOS, the bug bounty program will also cover other product lines by Apple. As shared by a researcher,

Bounties Up to $500K; Special iPhones To Hackers

What makes the revised program more enticing is the huge amount offered as bounty. Earlier, the bug reporters could win up to $200,000 for reporting iOS flaws.

However, the tech giant is now willing to pay up to $500,000 for bugs allowing zero-click access to users’ valuable data. Whereas, a simple lock screen bypass can also let a hacker win $100,000. Also, Apple offers a 50% bonus on payouts for reporting bugs in the pre-release builds.

Moreover, Apple also offers up to $1 million for iOS flaws that allow gaining full access to the device without physical interaction.

Apple will also give unhardened iPhones to chosen security researchers as part of the ‘iOS Security Research Device Program’. As Krstic told Bloomberg, these special iPhones will disable security features, thus allowing deeper access to the researchers.

This move will let the researchers discover the vulnerabilities before any malicious hacker. It will be an invite-only program launching next year.

Take your time to comment on this news.

You Might Also Like