Apple is expanding its bug bounty program to solicit security vulnerabilities from security researchers. The program will now be open to all, not just researchers on a pre-approved list.
The bug bounties have also increased from $200,000 to as much as $1 million for the most serious bugs, such as hacking the kernel — the core of any OS — with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction.” There’s also a 50% bonus for hackers who can find weaknesses in software before it’s released.
Apple is also extending the program to watchOS. The announcements were made in a talk by Apple’s head of security engineering Ivan Krstić at the annual Black Hat conference. Krstić said the bug bounty program has been a success to date, with 50 serious bugs reported since the 2016 launch.