Apple opens its bug reward program to everyone
Apple has expanded its rewards program for security researchers who report bugs, now allowing anyone to sign up. Previously, an invitation was required. The program is also being expanded from only iOS to other operating systems.
On a webpage, Apple has set out what a security researcher must meet in order to be eligible for a payment. For example, the researcher must be the first to report a bug and a clear report including a working exploit must be sent. Anyone who finds something can email his or her report to Apple. The maximum reward for an exploit that bypasses kernel security without requiring user input is $1 million. Incidentally, researchers will receive an extra 50 percent if the bug is discovered in a beta version.
At the same time, Apple is expanding its bug reporting program, which can report not only security vulnerabilities with iOS, but also other software, such as macOS, iCloud, tvOS, watchOS and iPadOS.
Previously, only select security researchers were eligible for a bug report reward. The program has been in existence since 2016.