Image via @lorenzofb
Apple debuted its bug bounty program back in 2016, offering security researchers up to $200,000 USD for finding iOS security flaws. The program has since lagged behind those of other companies, and today Apple announced significant changes that would benefit users.
According to TechCrunch, Apple made the announcement at the Black Hat conference in Las Vegas, Nevada, today. The bounty program will now pay for exploits found on macOS, tvOS and watchOS, in addition to iOS.
If you find a vulnerability and report it to Apple and the company fixes it, you will be paid. Apple Security and Architecture Chief Ivan Krstić announced the new program, which is expected to fix bugs on Mac, Apple TV and Apple Watch, along with the iPhone and iPad.
Patrick Wardle, principal security researcher at Jamf, told TechCrunch this was a victory for Apple users.
"Granted, they hired a lot of incredibly talented scientists and security professionals – but never really had a transparent mutually beneficial relationship with external independent researchers," Wardle said.
Apple also explained that the bounty program will be expanded to all researchers later this year, while the maximum payout per bounty will increase fivefold to $1 million USD from $200,000. This top payout will only be for exploits where hackers can gain control of a user's phone just by providing the phone number.
Here are Apple's payout amounts and related categories.
Maximum payout is now 1 million. pic.twitter.com/S2y25AScLa
– Lorenzo FB @ Black Hat (@lorenzofb) August 8, 2019
Researchers who find an exploit in a beta version of Apple's software and report it before the final release may also qualify for a 50% bonus payout within the specified vulnerability category.