Apple has confirmed at Black Hat a vast expansion of its security bug bounty program, along with opening it up to all researchers.
Up until now, Apple has restricted its bug bounty program to iOS and limited those who can participate in it. One of the first big changes announced today by Apple’s Head of Security for Engineering and Architecture, Ivan Krstić, is that the program will be opening up to include all of Apple’s platforms, even macOS and iCloud.
Going further, the expanded program will be open to all security researchers come this fall and Apple also shared a list of some of the new payouts which will go up to $1 million. The original iOS bounty program maxed out at a $200,000 payout.
Bounties for finding bugs that allow Lock screen bypass or unauthorized access to iCloud pay out $100,000. Discovering vulnerabilities that could allow an attack via a user-installed app or a network attack pays up to $250,000, while uncovering bugs that would allow network attacks with no user interaction pays up to $1 million. That top payout is reserved for discovering a zero-click kernel code execution with persistence. In addition, finding bugs in pre-release software can earn researchers up to a 50% bonus.
Apple also detailed its new iOS Security Research Device program. It will be launching next year and will also be open to all, as long as applicants have a “track record of high-quality systems security research…” This is the program that will put development devices, such as special iPhones, into researchers’ hands. Apple says it is an “unprecedented, Apple-supported iOS security research platform” that features “ssh, a root shell, and advanced debug capabilities.”