Apple Security Bounty revamped: now invitation-free, with bigger rewards
Apple recently introduced substantial changes to its bug bounty program. Under the new terms, the Apple Security Bounty encourages all researchers, not just an invited few, to find and report bugs and vulnerabilities on Apple systems. The bug bounty applies to the entire range of Apple platforms.
While Apple has had a bug bounty program since 2016, participation was on an invite-only basis. Moreover, rewards were relatively low. The bounty has now been increased to a maximum of $1 million. A conditional 50% bonus applies, too, if vulnerabilities are reported during betas (so that they can be fixed before a public release).
As a corporate social responsibility gesture, Apple also says that if the discoverer of a bug decides to donate the money to a qualifying charity, Apple will match the amount.
All in all, the revised bounty terms are a step forward. They allow a wider range of researchers to approach Apple with potential vulnerabilities. Also, the rewards are now in line with the rates that Google and Microsoft offer.
Enhancing the bug bounty program is a smart move right now, as new security vulnerabilities, such as checkm8, pose a significant risk to owners of Apple devices. A wider range of researchers, including those involved with the jailbreak community, could provide Apple with much-needed security insights.