Apple Will Pay Security Researchers Up To $1M To Find And Report Vulnerabilities

Almost three years after announcing its iOS bug bounty program, Apple has announced a new bug bounty for macOS that will pay security researchers up to $1 million to find and report vulnerabilities.

At the Black Hat security conference in Las Vegas last week, Apple announced the expansion of its bug bounty program that only covered iOS until now. Apart from increasing the maximum bounty from $200,000 to $1 million, the expanded program now comes to include Mac desktops, MacBooks, Apple TV, and Apple Watch.

The bounty program will pay ethical hackers to report any dangerous security vulnerabilities, instead of selling their findings to the highest bidder. The increased bounty amount is there to make sure that security researchers are not tempted to sell to oppressive (or otherwise) nation states, or security companies which would want to use the information offensively.

Apple has increased its bug bounty to $1M and expanded the program to include macOS – Mac desktops, MacBooks, Apple TV, and Apple Watch.

Click To Tweet

Of course, the amount given to anyone will depend on how severe the bug they find is. A $1m bounty will be paid for a weakness in iOS that can allow the kernel to be hacked, without user action. A 50% bonus is also given if a bug is found in pre-release software. This could potentially increase earnings to up to $1.5m.

The expansion comes at a time when governments and some companies are becoming more and more interested in acquiring knowledge of vulnerabilities and bugs, in order to use them for various purposes.