Apple has invited everyone to join the bug bounty program. Previously, it was available only to selected information security specialists and by invitation only.
The program covers not only iOS but also other Apple software products: iCloud, iPadOS, macOS, tvOS and watchOS. The total fund for making payments exceeds one million US dollars.
The researcher who found the bug should describe it in detail so that Apple engineers can reproduce the problem. Digging deep into the code or suggesting solutions is not required, which greatly simplifies the task and increases the chance of getting paid.
Approximate rewards for detecting the most dangerous bugs:
- Bypassing the device lock screen without authorization – from $25,000 to $100,000
- Getting unauthorized access to iCloud – from $25,000 to $100,000
- Retrieving data from a locked device – from $100,000 to $250,000
Any bug found in the beta version of the platform increases the payout by 50%. You can also count on extra money if the problem is so fundamental that it affects several operating systems at once and is relevant for the latest Apple devices. A higher payment is also available for reporting a bug that allows a device to be compromised without physical access to it. In this case, the researcher should also describe the entire chain of exploits used and the detailed sequence of their actions.
Apple’s bug bounty terms are among the most attractive and generous on the market. Previously, it was not easy to join the select group of information security experts who could take part, but now the situation has changed. Perhaps this is because Apple wants to make the next iOS updates as seamless as possible: according to rumors, when developing iOS 14, the company will focus not on adding new features, but on fixing bugs.