Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

by

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.

applebugbountypayouts
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.

appleresearchdeviceprogram
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

Top Rated Comments

smithrh Avatar
smithrh
46 months ago
Overdue, but a good move.
Score: 17 Votes (Like | Disagree)
IIGS User Avatar
IIGS User
46 months ago
This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.
There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".

No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
Score: 11 Votes (Like | Disagree)
Websnapx2 Avatar
Websnapx2
46 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
Score: 6 Votes (Like | Disagree)
konqerror Avatar
konqerror
46 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
Score: 6 Votes (Like | Disagree)
now i see it Avatar
now i see it
46 months ago
Hackers are now called "researchers".
Score: 5 Votes (Like | Disagree)
killawat Avatar
killawat
46 months ago
these rates look competitive compared to black market rates especially since the money is clean.
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

iOS 16

iOS 16.3 Now Available for Your iPhone With These 4 New Features

Friday February 3, 2023 1:13 pm PST by
Apple released iOS 16.3 in late January following nearly six weeks of beta testing. The software update is available for the iPhone 8 and newer, and while it is a relatively minor update, it still includes a handful of new features, changes, and bug fixes. Below, we've recapped new features in iOS 16.3, including support for physical security keys as a two-factor authentication option for...
Read Full Article
ipad air purple

Deals: M1 iPad Air Hits Record-Low Prices at TigerDirect, Starting at $313.99 (48% Off) [Updated]

Saturday February 4, 2023 10:05 am PST by
Online retailer TigerDirect has slashed pricing on the M1 iPad Air in several colors, offering the base 64GB configuration for just $313.99 in Purple and Pink. Note: MacRumors is an affiliate partner with TigerDirect. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. That's a savings of 48% compared to Apple's normal $599.00...
Read Full Article481 comments
Apple Silicon Teal Feature

The Next Big Apple Silicon Device May Not Be a Mac or iPad

Wednesday February 1, 2023 3:57 am PST by
Apple's next device with an Apple silicon chip may not be a Mac or an iPad, but rather an advanced external display, according to recent reports. The display, which is rumored to arrive this year, is expected to sit somewhere between the $1,599 Studio Display and the $4,999 Pro Display XDR – but more exact information about the device's positioning and price point is as yet unknown. While ...
Read Full Article
iPhone 14 Pro Purple Side Perspective Feature Purple

Gurman: Apple Considering New High-End iPhone Alongside Pro and Pro Max

Sunday February 5, 2023 6:07 am PST by
Apple has discussed selling a new top-of-the-line iPhone alongside the Pro and Pro Max models in 2024 at the earliest, according to Bloomberg's Mark Gurman. Based on this timeframe, the device would be part of the iPhone 16 lineup or later. In a September 2022 edition of his weekly "Power On" newsletter, Gurman said there was "potential" for an iPhone 15 Ultra to replace the iPhone 15 Pro...
Read Full Article459 comments
HomePod 2 White and Midnight Feature Purple Blue

Apple Explains Why HomePod Was Released Again, Wi-Fi 4 Limitation, and More

Thursday February 2, 2023 7:57 am PST by
Apple's VP of hardware engineering Matthew Costello and product marketing employee Alice Chan recently spoke with Men's Journal and TechCrunch about the new second-generation HomePod in wide-ranging interviews about the smart speaker. Apple discontinued the original full-size HomePod in March 2021 after multiple reports indicated that sales of the speaker were lackluster, but Chan told Men's ...
Read Full Article311 comments
webkit vs chromium feature

Google Working on Browser for iOS That Would Break Apple's App Store Rules

Saturday February 4, 2023 1:30 am PST by
Google's Chromium developers are working on an experimental web browser for iOS that would break Apple's browser engine restrictions, The Register reports. The experimental browser, which is being actively pursued by developers, uses Google's Blink engine. Yet if Google attempted to release it on the App Store, it would not pass Apple's App Review process. Apple's App Store rules dictate...
Read Full Article271 comments
iOS 16

Apple Preparing iOS 16.3.1 Update for iPhone as Wait for iOS 16.4 Beta Continues

Thursday February 2, 2023 6:41 am PST by
Apple appears to be preparing an iOS 16.3.1 update for the iPhone, based on evidence of the software in our website's analytics logs this week. It's unclear when the update will be released, but it will likely be available at some point in February. The same logs have accurately foreshadowed the release of several previous updates, including iOS 16.0.3 and iOS 16.1.1 most recently, so they...
Read Full Article56 comments
maxresdefault

Hands-On With Apple's Second-Generation HomePod

Friday February 3, 2023 1:28 pm PST by
Today is the official launch day for the second-generation HomePod that was introduced in January, and we picked one up to compare it to the original HomePod that Apple discontinued in 2021. Subscribe to the MacRumors YouTube channel for more videos. Design wise, the second-generation HomePod looks a lot like the first-generation model, featuring the same rounded design and acoustic mesh...
Read Full Article175 comments