This archive report was first published on 23 December 2019.
Apple has revamped its bug bounty program, offering lucrative payouts to researchers who discover and report security issues in its latest operating systems. The program, which was announced in August at the Black Hat conference, is now open to researchers.
The revamped program promises payouts ranging from $100,000 to $1.5 million for different bounty categories, including bugs in iCloud, device attacks via physical access, and network access with user interaction. Researchers who find and clearly report issues to Apple Product Security will be eligible for the payouts.
The program's instructions are strict, requiring researchers to submit a full-chain exploit with their report. This new addition to Apple's security efforts could be a response to the myriad problems with the buggy iOS 13 software update, which was rolled out last month.
Other tech giants, including Google, Facebook, Microsoft, Yahoo, Chrysler, and United Airlines, have also opened up bug bounty programs in the past year. This trend highlights the importance of security in the tech industry and the need for companies to invest in bug bounty programs to identify and fix security vulnerabilities.