Apple Ups Bug Bounty Payouts, Expands Access to All Researchers and Launches macOS Program

Apple is introducing an expanded bug bounty program that covers macOS, tvOS, watchOS, and iCloud as well as iOS devices, Apple's head of security engineering Ivan Krstić announced this afternoon at the Black Hat conference in Las Vegas.

Apple introduced its bug bounty program for iOS devices in August of 2016, allowing security researchers who locate bugs in iOS to receive a cash payout for disclosing the vulnerability to Apple. Until now, non-iOS devices were not included, an omission that has previously been criticized by the security community.


Apple's lack of a macOS bug bounty program made headlines earlier this year when a German teenager initially refused to hand over details of a major macOS Keychain security flaw because Apple didn't have a payout. While he did ultimately provide the info to Apple, he said that he hoped his refusal would inspire Apple to expand its bug bounty program, which the company has indeed done.

With the launch of the new macOS bug bounty program, Apple is opening its bug bounties up to all researchers later this year and it is increasing the maximum size of the bounty from $200,000 per exploit to $1 million depending on the nature of the security flaw. A zero-click kernel code execution with persistence will earn the maximum amount.

Researchers who discover vulnerabilities in pre-release software before general release can qualify for up to a 50 percent bonus payout on top of the base bug bounty amount.

As reported earlier this week, Apple also plans to provide vetted and trusted security researchers and hackers with "dev" iPhones: special iPhones that provide deeper access to the underlying software and operating system, making it easier for vulnerabilities to be discovered.


Apple is providing these iPhones as part of its new iOS Security Research Device Program, launching next year. Apple's aim with these new bug bounty efforts is to encourage additional security researchers to disclose vulnerabilities, ultimately leading to more secure devices for consumers.

(Thanks, SecuritySteve!)

Top Rated Comments

9 months ago
Overdue, but a good move.
Score: 17 Votes
9 months ago

This is welcome news. It would be nice if Apple could fully secure its own software but that's just not how the industry works.

There's an old saying I'll paraphrase. "No plan of battle survives first contact with the enemy".

No software testing can put every piece of software into every possible configuration. One different application, combined with a different time zone, and a screen configuration can change things enough for something inside to cry "uncle".

Just like my old man used to say. Never buy the first year of a new model car or truck. Give it a year or two for some other idiot to find out the wiper switch doesn't like prune fumes, or some other issue no one thought up....
Score: 11 Votes
9 months ago

Apple probably figured it's cheaper to have someone look for bugs than hiring a team of engineers.

Highly doubt that — Just more eyes looking. Apple is secretive, not cheap. They have an information-sharing issue.
Score: 6 Votes
9 months ago

Apple probably figured it's cheaper to have someone look for bugs than hiring a team of engineers.

Also, there are legal issues if an Apple engineer reverse engineers third-party apps on their platform and looks at their code, to use as part of an attack. This could lead to accusations that Apple copied from third parties' code, something that independent researchers don't run into.
Score: 6 Votes
9 months ago
Hackers are now called "researchers".
Score: 5 Votes
9 months ago
These rates look competitive compared to black market rates, especially since the money is clean.
Score: 3 Votes
