At the Black Hat conference held this weekend in Las Vegas, Apple issued a long-awaited announcement to security researchers.
The Cupertino-based company announced that it has expanded its bug bounty program to include macOS, tvOS, watchOS and iCloud.
As The Verge reports, Apple's bug bounty program started three years ago, but only paid out for bugs found in iOS. Now, researchers will be rewarded for finding flaws in all Apple software and hardware.
The maximum reward has also been raised from $200,000 to $1 million, although it applies only to a persistent full-chain kernel code execution attack that does not require user interaction.
Apple will also pay amounts for the following error discoveries:
- Lock screen bypass: $ 1
- User data extraction: $250,000
- Unauthorized access to high-value user data: $100,000
- Kernel code execution: $150,000
- CPU side-channel attack on high-value data: $250,000
- One-click unauthorized access to high-value user data: $150,000
- Kernel code execution with a click: $250,000
- Zero-click radio to kernel with proximity: $250,000
- Zero-click access to high-value user data: $500,000
- Persistent full-chain kernel code execution without user interaction: $1,000,000
Researchers and developers who find bugs and want to submit a report can go to Apple's developer page to find the process for submitting reports.
Whether this updated program will inspire people to come to Apple instead of publishing bugs on hacking forums or the dark web remains to be seen.
At least now it's an incentive for people to go to Apple first.