Apple finally rewards security researchers for finding security flaws in macOS. At the Black Hat conference today, Apple announced that it is expanding its existing bug reward program to include macOS, tvOS, watchOS and iCloud. It will include rewards of up to $ 1 million for a zero-click, full-chain chain-code attack.
While Apple originally started paying iOS bribes three years ago, researchers have only paid for those found in Apple's mobile operating system. macOS was never included, and this has led to a number of security researchers pushing the company to change course. Apple is now expanding the bug-bounty program far behind only iOS.
iCloud, iOS, tvOS, iPadOS, watchOS and macOS will now be covered. Apple is now opening the bug reward program for all researchers, and the payout is increasing beyond the current $ 200,000. To the maximum, a $ 1
The updated bounty program can help convince more security researchers to report vulnerabilities to Apple. Earlier this year, a security researcher detailed a macOS bug, but refused to send it to Apple before the company pays researchers for mac security bugs.
However, security researchers have not wanted to help Apple with security. Apple now offers up to $ 1 million to security researchers who detect and report iOS vulnerabilities, but these bugs are often far more valuable to sell on the black market.