Apple was at Black Hat 2019 to announce the expansion of its rewards program for security experts who find bugs in iOS: bounties can now reach $1 million, depending on the severity of the flaw identified.
In fact, the expansion of the program goes beyond the iOS ecosystem. By the end of the year, Apple will also reward vulnerability reports on platforms such as macOS, watchOS, tvOS and iCloud.
In addition, the program will be open to any interested specialist, and it is no longer necessary to have an invitation to participate.
But what is most striking is the increase of the maximum reward to $1 million. By default, Apple had been working with a maximum value of $200,000, and was criticized for that: after all, the reported bugs could spare it from much greater losses.
Obviously, the amounts paid vary according to the severity of the problem. The amount of $1 million will be paid to the researcher who finds a flaw that gives full access to the iPhone from code executed at the iOS kernel level, without the user having to take any action.
Other rewards include payments of up to $100,000 for iCloud flaws, up to $250,000 for critical vulnerabilities exploited by an application installed on the system, and up to $500,000 for network attacks that require no user interaction.
Along with the increase in rewards, Apple will create a program that will provide unlocked iPhones to selected specialists so that they can more easily identify flaws.
Devices of this type have long been used by Apple developers to look for vulnerabilities. They have certain protections deactivated and come with features that aid in research, such as root access and debugging tools.
Source: Bloomberg.