About three years ago, Apple began to pay security researchers for unknown vulnerabilities in iOS, and today it responds to many requests by adding macOS, watchOS and tvOS devices to the list. In addition, the company now offers a maximum reward of $ 1 million for the most serious security issues, giving researchers even more incentive to report rather than hear their findings.
The news went public today at the annual Black Hat Security Conference in Las Vegas (via TechCrunch), where leading Apple security developer Ivan Krstić revealed key updates to the bug promotion program. Apple will now pay $ 1 million for a seriously serious exploitation ̵
For the company, the risk of low payouts has been that security researchers will instead hand their findings to private organizations, such as Grayshift and Cellebrite, which will later leverage Apple's devices for profit. To further stimulate proactive reporting, Apple is also offering a 50% bonus to researchers who report pre-release vulnerabilities, and next year will provide select "controlled and reliable" researchers pre-loaded iPhones that may have vulnerabilities at the secure shell level.
Apple TV, Apple Watch and Mac users will also benefit from the bug reporting software, which was previously largely focused on Apple's iPhones and iPads. In February, German security researcher Linus Henze criticized the company for not offering Mac bug amounts, and publicly disclosed a large Mac password protection that would otherwise be private. The Google Project Zero team has also weighed in on the issue, noting that Apple has left major Mac vulnerabilities that haven't been fixed for months at a time, compromising user security in the process.
Just this year, the company has twice restricted FaceTime access over iPhone and Apple Watch vulnerabilities that could seriously compromise users' privacy, allowing callers to listen to their missed devices. Researchers have also uncovered security issues in Macs & # 39; Intel chips and macOS & # 39; app whitelisting system, which can lead to widespread use of Apple computers.