Apple widens the scope of its bug bounty program, and increases top payout to $1 million
Bug bounty programs are a common way for companies to learn about problems with their hardware and software, while giving people the chance to get paid for finding them. Apple is one of the big names to run such a program, and it has at long last expanded it to include macOS.
The iPhone-maker made the announcement at the Black Hat security conference, where it also revealed that its bug bounty program will spread to tvOS, watchOS and iCloud as well, and that the maximum reward is increasing to a cool $1 million.
The chances of anyone being awarded this vast sum seem pretty slim, though. In order to qualify for it, a security researcher -- or anyone for that matter -- would need to discover a serious new vulnerability in iOS. To get the payout, the bug would have to allow an attacker to take control of a phone without the need for user interaction.
On top of this, Apple also announced that it would be making available a small number of Security Research Devices -- essentially pre-jailbroken iPhones with access to ssh, root shell, and "advanced debug capabilities" -- to make it easier for security researchers to conduct investigations.
The devices will only be made available to a handful of people with a "track record of high-quality system security research". Apple will start to hand them out at an undisclosed time next year.