Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

by

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Prior to now, non-iOS devices were not included, a move that has previously been criticized by the security community.

applebugbountypayouts
Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones, aka special iPhones that provide deeper access to the underlying software and operating system that will make it easier for vulnerabilities to be discovered.

appleresearchdeviceprogram
Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

Top Rated Comments

smithrh Avatar
smithrh
43 months ago
Overdue, but a good move.
Score: 17 Votes (Like | Disagree)
IIGS User Avatar
IIGS User
43 months ago
This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.
There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".

No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
Score: 11 Votes (Like | Disagree)
Websnapx2 Avatar
Websnapx2
43 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
Score: 6 Votes (Like | Disagree)
konqerror Avatar
konqerror
43 months ago
apple probably figured its cheaper to have someone look for bugs than hiring a team of engineers.
Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
Score: 6 Votes (Like | Disagree)
now i see it Avatar
now i see it
43 months ago
Hackers are now called "researchers".
Score: 5 Votes (Like | Disagree)
killawat Avatar
killawat
43 months ago
these rates look competitive compared to black market rates especially since the money is clean.
Score: 3 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone 14 pro hands snowflakes 1

Best Black Friday iPhone Deals Still Available

Wednesday November 23, 2022 1:55 pm PST by
Cellular carriers have always offered big savings on the newest iPhone models during the holidays, and Black Friday 2022 is no different. Even though Black Friday is officially over, we're still tracking notable offers on the iPhone 14 and iPhone 14 Pro devices from AT&T, Verizon, and T-Mobile. For even more savings, keep an eye on older models like the iPhone 13. Note: MacRumors is an...
Read Full Article12 comments
General Black Friday Deals 2022 Green

All the Apple Black Friday Deals You Can Still Get

Friday November 25, 2022 4:40 am PST by
Although Black Friday is now technically over, many Apple products are still seeing major discounts through the weekend as we head into Cyber Monday. In this article, you'll find every Apple device with a notable Black Friday sale that's still available. We'll be updating as prices change and new deals arrive, so be sure to keep an eye out if you don't see the sale you're looking for yet. Note:...
Read Full Article47 comments
ipad holiday bulbs

Best Black Friday iPad Deals Still Available

Thursday November 24, 2022 12:25 pm PST by
Black Friday deals have been in full swing for the better part of a month, and even with the shopping holiday officially over, we're still seeing solid discounts on Apple devices. We're highlighting the best sales for all of Apple's product lines, and in this article you'll find the best Black Friday sales on iPad, iPad Pro, iPad Air, and iPad mini. Note: MacRumors is an affiliate partner with ...
Read Full Article12 comments
airpods pro 2

Apple Engineer Addresses Lack of Lossless Support on New AirPods Pro

Friday November 25, 2022 2:58 am PST by
An Apple engineer has addressed the lack of lossless audio support in the second-generation AirPods Pro in a new interview. Current Bluetooth technology in the AirPods lineup means that Apple's audio products do not support Apple Music Lossless audio. Apple has previously hinted that it may develop its own codec and connectivity standard that builds on AirPlay and supports higher quality...
Read Full Article188 comments
mac imac snowflakes

Best Black Friday iMac and MacBook Deals Still Available

Thursday November 24, 2022 1:07 pm PST by
Our Black Friday coverage continues through the weekend with the best deals you can find on MacBook Pro, MacBook Air, and iMac. As with all Black Friday deals, we aren't sure how long any of these will last, and prices are always fluctuating, so if you see something you want, be sure to buy it soon. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and...
Read Full Article10 comments
maxresdefault

Nothing Phone 1 Displays AirPods Battery Level After Latest OS Update

Friday November 25, 2022 3:33 am PST by
Nothing Phone 1 users today began receiving the Nothing OS 1.1.7 update, which adds support for displaying the battery percentage of connected AirPods, amongst other improvements and bug fixes. If you own a Nothing Phone 1, you can check for the OTA update by going to Settings -> System -> System updates. Bear in mind that as support for displaying AirPods battery level is still an...
Read Full Article54 comments
apple watch gold ornaments

Best Black Friday Apple Watch Deals Still Available

Wednesday November 23, 2022 9:31 am PST by
We're tracking all of the best Apple product discounts for Black Friday as they continue through the weekend, and the Apple Watch always makes a great gift around the holiday season, so you're guaranteed to find solid discounts right now. In this article, you'll discover the best Black Friday sales on Apple Watch Series 8, Apple Watch SE, and Apple Watch Ultra. Note: MacRumors is an affiliate...
Read Full Article8 comments