Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.


Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.


Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

Top Rated Comments

(View all)
Avatar
12 months ago
Overdue, but a good move.
Score: 17 Votes (Like | Disagree)
Avatar
12 months ago

This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.

There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".

No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
Score: 11 Votes (Like | Disagree)
Avatar
12 months ago

apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.

Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
Score: 6 Votes (Like | Disagree)
Avatar
12 months ago

apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.

Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
Score: 6 Votes (Like | Disagree)
Avatar
12 months ago
Hackers are now called "researchers".
Score: 5 Votes (Like | Disagree)
Avatar
12 months ago
these rates look competitive compared to black market rates especially since the money is clean.
Score: 3 Votes (Like | Disagree)

Top Stories

Apple Warns Against Closing MacBooks With a Cover Over the Camera

Friday July 10, 2020 11:12 am PDT by
Apple this month published a support document that warns customers against closing their Mac notebooks with a cover over the camera as it can lead to display damage. Image via Reddit Apple says that the clearance between the display and the keyboard is designed to very tight tolerances, which can be problematic. Covering the camera can also cause issues with automatic brightness and True Tone....

iPhone Users Who Experienced 'Batterygate' Can Now File to Receive Around $25 Settlement From Apple

Monday July 13, 2020 6:50 am PDT by
Earlier this year, Apple agreed to settle a U.S. class action lawsuit that accused the company of "secretly throttling" older iPhone models. Now, eligible iPhone owners are beginning to be notified about their legal rights and options. Under the proposed settlement, Apple will provide a cash payment of approximately $25 to each eligible iPhone owner who submits a claim, with its total payout ...

Apple Moving Forward on Semitransparent Lenses for Upcoming AR Headset

Friday July 10, 2020 7:24 am PDT by
Apple and Foxconn have reached a key milestone in the development of Apple's long-rumored augmented reality headset, with the semitransparent lenses for the device moving from prototype to trial production, reports The Information. Apple is developing the lenses on a single production line at a Foxconn factory in Chengdu in southwestern China, where most of Apple’s iPad production is...

Arm-Intel-PowerPC Universal Binaries Are Possible

Saturday July 11, 2020 1:42 pm PDT by
Casual MacRumors visitors may not realize that we have a very active PowerPC forum where users discuss issues related to PowerPC Macs that have not been produced since 2006. Threads range from hardware upgrades and software options to nostalgia: Photo by AphoticD Apple's recently announced transition to Apple Silicon (Arm) based Macs raised some interesting questions about future support...

Possible 'iPhone 12' Battery Certifications Suggest Lower Capacities Than iPhone 11 Series

Monday July 13, 2020 4:22 am PDT by
MySmartPrice has spotted certifications for three new Apple batteries that it believes could be for the upcoming iPhone 12 lineup, despite them being less capacitive than the batteries in the current iPhone 11 series. The batteries are identified with the model numbers A2471, A2431, and A2466, and appear on Safety Korea, China's 3C, and the Danish agency UL Demko. Apple is expected to...

Leaker: 'iPhone 12 Pro' to Come With 6GB of RAM

Friday July 10, 2020 1:59 am PDT by
Later this year, Apple is expected to release four OLED iPhones in three display sizes, including 5.4, 6.7, and two 6.1-inch models. Rumors suggest the 6.7-inch iPhone and one 6.1-inch model will be higher-end devices, and now leaker @L0vetodream has corroborated previous rumors about the internal specs of Apple's upcoming lineup. Rumors suggest Apple will use 5-nanometer A14 chips in its...

Kuo: Apple Silicon Macs to Include 13-inch MacBook Pro and MacBook Air This Year, 14.1-inch and 16-inch MacBook Pro Models Next Year

Friday July 10, 2020 2:58 am PDT by
At last month's WWDC, Apple officially announced that its Mac computers will be transitioned from Intel x86 to homegrown Apple Silicon chips. Apple said it plans to deliver the first Apple Silicon Mac by the end of the year and complete the transition in about two years. According to Apple analyst Ming-Chi Kuo, a 13.3-inch MacBook Pro with a form factor similar to the current 13.3-inch...

Google to 'Dramatically' Improve Chrome Impact on Mac Battery Life

Sunday July 12, 2020 1:56 pm PDT by
Google will address long-standing battery life issues, particularly on Mac devices, reports The Wall Street Journal. Chrome will improve "tab throttling" by better prioritizing active tabs and limiting resource drain from tabs open in the background. This is said to have a "dramatic impact on battery and performance." Google has reportedly been performing early tests on Mac laptops in...

Top Stories: iOS 14 Public Beta, iPhone 12 Size Comparison, 14-Inch MacBook Pro Rumors

Saturday July 11, 2020 6:00 am PDT by
After one round of developer beta testing, Apple unleashed iOS and iPadOS 14 to a wider audience this week, opening it up to members of the public beta program. There are lots of changes and new features to check out, but as with any beta, be careful about installing it on your main devices. Subscribe to the MacRumors YouTube channel for more videos. Other major stories this week included our ...

Apple Shares Humorous 'Working-From-Home Thing' Video

Monday July 13, 2020 9:31 am PDT by
Apple today shared a funny video focused on the problems that people working from home have to deal with, including noisy children, chaotic schedules, communication issues, and more. The video focuses on showing off Apple products and their capabilities that can be useful when working from home, such as the ability to scan a document with an iPhone, mark up a PDF, Siri Reminders, and more.The...