Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

by

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.

applebugbountypayouts
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.

appleresearchdeviceprogram
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

Top Rated Comments

smithrh Avatar
smithrh
24 months ago
Overdue, but a good move.
Score: 17 Votes (Like | Disagree)
IIGS User Avatar
IIGS User
24 months ago
This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.
There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".

No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
Score: 11 Votes (Like | Disagree)
Websnapx2 Avatar
Websnapx2
24 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
Score: 6 Votes (Like | Disagree)
konqerror Avatar
konqerror
24 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
Score: 6 Votes (Like | Disagree)
now i see it Avatar
now i see it
24 months ago
Hackers are now called "researchers".
Score: 5 Votes (Like | Disagree)
killawat Avatar
killawat
24 months ago
these rates look competitive compared to black market rates especially since the money is clean.
Score: 3 Votes (Like | Disagree)
Read All Comments

Top Stories

16 inch macbook pro m2 render

When Can We Expect the Redesigned MacBook Pros Now?

Wednesday June 16, 2021 7:11 am PDT by
With no sign of redesigned MacBook Pro models at this year's WWDC, when can customers expect the much-anticipated new models to launch? A number of reports, including investor notes from Morgan Stanley and Wedbush analysts, claimed that new MacBook Pro models would be coming during this year's WWDC. This did not happen, much to the disappointment of MacBook Pro fans, who have been...
Read Full Article226 comments
maxresdefault

Apple CEO Tim Cook: Sideloading Apps Would 'Destroy the Security' of the iPhone

Wednesday June 16, 2021 10:49 am PDT by
Apple CEO Tim Cook this morning participated in a virtual interview at the VivaTech conference, which is described as Europe's biggest startup and tech event. Cook was interviewed by Guillaume Lacroix, CEO and founder of Brut, a media company that creates short-form video content. Much of the discussion centered on privacy, as it often does in interviews that Cook participates in. He...
Read Full Article315 comments
2021 back t0 school

Apple Launches 2021 Back to School Promotion: Free AirPods With Eligible Mac or iPad Purchase

Thursday June 17, 2021 4:56 am PDT by
Apple today launched its seasonal back-to-school sale for the upcoming school year in the United States and Canada, offering students free AirPods alongside purchases of select Macs and iPad models. Similar to last year's promotion, this year's offer includes free AirPods alongside the purchase of a MacBook Air, MacBook Pro, the new 24-inch iMac, the Mac Pro, Mac mini, and the new M1-powered ...
Read Full Article87 comments
m1 imac back

Some M1 iMac Models Shipping With Crooked Mountings

Monday June 14, 2021 12:50 pm PDT by
Some M1 iMacs appear to have a manufacturing defect that causes the display to be mounted on the stand in a way that's not perfectly aligned, leading to a crooked display. YouTuber iPhonedo over the weekend published a review of the M1 iMac, and he found that his machine appeared to be tilted on one side, a mounting disparity that was visibly noticeable and proved with a ruler. Another...
Read Full Article283 comments
apple watch 6s 202009

Bloomberg: Apple Watch Series 7 to Feature Thinner Screen Bezels, Faster Processor, and Updated Ultra Wideband Tech

Monday June 14, 2021 3:41 am PDT by
This year's Apple Watch Series 7 is likely to have thinner display bezels and use a new lamination technique that brings the display closer to the front cover, according to Bloomberg's Mark Gurman. From the report: The Cupertino, California-based tech giant is planning to refresh the line this year -- with a model likely dubbed the Apple Watch Series 7 -- by adding a faster processor,...
Read Full Article180 comments
files app ipados 15

iPadOS 15: Files App Gains NTFS Support, Progress Indicator, and More

Tuesday June 15, 2021 3:41 am PDT by
Apple in iPadOS 15 has added the ability to access NTFS-formatted media from within the Files app. The additional support for the Windows-related format, first discovered by YouTuber Steven Fjordstrøm, is read-only, so like on macOS you can't modify files stored on NTFS devices, but you can at least copy any data on them for working on elsewhere on your iPad. The Files app has also gotten a...
Read Full Article117 comments
applecare lower prices

Apple Lowers Prices of AppleCare+ Plans for M1 MacBook Air and MacBook Pro

Thursday June 17, 2021 7:33 am PDT by
Apple today lowered the prices of AppleCare+ plans for MacBook Air and 13-inch MacBook Pro models equipped with the M1 chip. Coverage offered by the plans, as well as accidental damage fees, appear to remain unchanged. In the United States, AppleCare+ for the MacBook Air now costs $199, down from $249. The new price applies to both M1 and Intel-based MacBook Air models, although Apple no...
Read Full Article128 comments
maxresdefault

Demo: Check Out AirPlay 2 on a Mac in macOS Monterey

Tuesday June 15, 2021 11:57 am PDT by
With macOS Monterey, Apple has introduced expanded AirPlay 2 support, so you can AirPlay content from an iPhone, iPad, or even another Mac to your main Mac. We thought we'd do a quick demo of this handy new feature in our latest YouTube video. Subscribe to the MacRumors YouTube channel for more videos. With AirPlay to Mac, you can extend or mirror an Apple device's display to a Mac, and since ...
Read Full Article59 comments
apple new iphone case colors

Apple Releases New Sunflower, Cloud Blue and Electric Orange iPhone 12 Cases

Monday June 14, 2021 11:12 am PDT by
Apple today released silicone iPhone cases for the iPhone 12, 12 Pro, 12 Pro Max, and 12 mini in a series of new colors that include sunflower, cloud blue, and electric orange. Sunflower is a bright yellow shade, cloud blue is a soft, light blue, and electric orange is a bright orange that's darker than the kumquat color and more orange than pink citrus. The new cases are priced starting...
Read Full Article66 comments
apple watch edition series 5 ceramic black prototype

Apple Planned Black Ceramic Apple Watch Edition Series 5

Wednesday June 16, 2021 5:45 am PDT by
Apple considered offering a black version of the ceramic Apple Watch Edition Series 5, according to newly-shared images of the prototype casing. The images, shared on Twitter by the prototype collector and leaker known as "Mr. White," show a prototype black ceramic Apple Watch casing, alongside the white ceramic version. The ceramic Apple Watch Edition Series 5 was never available in a...
Read Full Article57 comments