Apple debuted its bug bounty program back in 2016, offering security researchers attractive rewards to find iOS security flaws. However, the company has so far only run invitation-based programs for select security researchers. Today, Apple has formally opened its bug bounty program to all security researchers (via ZDNet).
Detailing the updated bug bounty program rules on its website, Apple says it will now be accepting vulnerability reports for a much wider spectrum of products that also includes iPadOS, macOS, tvOS, watchOS, and iCloud. At the same time, the maximum bug bounty reward has been increased from $200,000 to $1,500,000.
Security bugs that affect multiple platforms, work on the latest hardware and software, and impact sensitive components will give researchers a bigger chance at netting the top $1.5 million reward.
To be eligible for the top prizes and various bonuses, researchers must submit clear reports, including:
- A detailed description of the issues being reported.
- Any prerequisites and steps to get the system to an impacted state.
- A reasonably reliable exploit for the issue being reported.
- Enough information for Apple to be able to reasonably reproduce the issue.
For more information on Apple’s security bug bounty program, visit this page.