Apple Introduces its First Security Bounty Program
Apple announced its first-ever bug bounty program, offering computer security researchers up to $200,000 for each software bug they find that makes Apple products less secure.
The bounty program will begin as invite-only on Sept. 1, including only a few dozen researchers. Apple said the program will become more open as it grows, and if a non-member approaches Apple with a significant bug, they’ll be invited into the program to work it through. The program offers payments of $50,000 to $200,000 depending on the severity of the bug discovered.
In addition, for now, the new program is also limited to five distinct categories of bugs. The most valuable category — worth up to $200,000 — is vulnerabilities that compromise the secure boot firmware components, cutting at the heart of Apple's hardware protections. Smaller rewards are available for the extraction of data from the Secure Enclave, extraction of arbitrary code, escaping a sandboxed process, and obtaining unauthorized access to iCloud account data.