Apple increased bug bounty payout to one million dollars

Apple has decided to expand its bug bounty program. Researchers will now receive rewards not only for finding vulnerabilities in the iPhone, but also in the Mac and MacBook, as well as Apple TV and Apple Watch. The maximum reward will reach one million dollars, currently the highest price for finding bugs on the market.

The idea of the program is simple: you find a vulnerability and report it to Apple, the company fixes it, and in return you receive a cash payment. Such programs are extremely popular in the tech industry because they help fund security researchers in exchange for identifying serious software flaws that might otherwise be exploited by cybercriminals.

Apple said that the million will be paid to a specialist who finds a vulnerability that allows full control over the phone without any interaction with the owner. Another $500 thousand will go to those who can detect a “network attack that does not require user interaction.” There is also a 50% bonus for researchers who find weaknesses in software before its release. Moreover, starting in the fall, the program will be open to all researchers. Previously, only those who participated at the company's invitation were eligible for rewards.

In addition, bug bounty participants will receive special iPhones from Apple running a more open version of iOS. Participants will not have access to protected sections; however, according to Forbes, the special devices will make it easier to search for vulnerabilities.

Apple launched its vulnerability search program back in 2016, but until this year the rewards were much more modest: $200 thousand. In addition, not every specialist could get money for a bug they found. For example, in January of this year, student Grant Thompson found a flaw in group calls on FaceTime. The vulnerability allowed access to audio and video from the other party's device before they picked up the phone. Grant tried for nine days to report the error to the company, but nothing came of it. The bug was fixed only in February.

In addition, at the beginning of the year, user Linus Henze discovered a vulnerability that allowed passwords to be monitored in macOS. He did not wait for a reward and refused to disclose details.

As Patrick Wardle, a security expert at Jamf, told TechCrunch, he had previously found several vulnerabilities in Apple devices, but the company had long refused to pay rewards for bugs.

“Of course, they hired a lot of incredibly talented researchers and security experts, but so far they have never had a transparent mutually beneficial relationship with external independent researchers. Of course, [this program] is a victory for Apple, but in the end it is a huge victory for the end users of its products,” says Wardle.