Apple expanding its bug bounty program to double down on security issues

Apple is introducing an upgraded bug bounty program.

Speaking at the Black Hat conference in Las Vegas, Apple’s head of security engineering Ivan Krstić said that the company would be expanding its bounty program, covering macOS, tvOS, watchOS, iOS, iPadOS, and iCloud to further bolster the security of its operating systems.

Apple first introduced the bug bounty program back in 2016 for iOS, allowing security specialists who found bugs to receive a cash reward for their work, and for disclosing the vulnerability to Apple so it could be patched before it’s used by bad actors to cause harm.

The program was exclusively for iOS devices, which is something that has been criticized by security specialist and technology analysts, who argued Apple should expand the program.

macOS finally gets some attention

Indeed, earlier in the year Apple hit the headlines after a teenager refused to disclose the details of a major security flaw in macOS, which related to the Keychain.

The teenager said that he would only have handed over details of the vulnerability if Apple paid him.

The teenager eventually passed on the information to Apple but added that he hoped his refusal to hand over information initially would encourage Apple to change its ways on bugs.

The new macOS bug bounty program is open to all researchers and offers a bounty of up to $1,000,000 depending on the nature of the law.

For researchers who discover vulnerabilities in betas and pre-release software packages, a 50% bonus payout is offered on top, meaning a large-scale bug could net a researcher up to $1,500,000 in the most extreme of circumstances.

New developer phones

Apple is also offering researchers and hackers “developer” iPhones that offer deeper access to iOS, which should make it easier for them to find potential vulnerabilities in Apple’s code.

The new phones are part of a new iOS Security Research Device Program, which is set to launch next year and encourage researchers to disclose more bugs and vulnerabilities.

Are you pleased to see Apple expanding its bug bounty program? Have you spotted a bug in iOS or macOS code that has led to a pay-out? Let us know on Twitter and check back soon for more news on macOS, iOS, tvOS, watchOS, and more.

About the Author

Everything Apple, every day. This post was written by an AppleMagazine newsroom writer.