Apple will reward anyone who discovers bugs in macOS

Manuel Alonso

2 minutes

Until today Apple had a bounty program for security researchers who detect bugs in iOS. These rewards used to be invitations to special events or occasions that the American company used to celebrate. As of today, Apple has announced that it will expand those rewards for those who also find bugs in the other operating systems, including macOS.

This new program started today. It was announced by Apple at the Black Hat conference held in Las Vegas earlier this year.

Succulent rewards if you find bugs on macOS, iOS, tvOS, watchOS or iCloud

This Apple bug bounty program was invitation-based, and as of today, non-iOS devices were not included. But this has changed and as of today, Any security researcher who finds bugs on iOS, macOS, tvOS, watchOS, or iCloud, can be paid cash for revealing the vulnerability to Apple.

Before the expansion of this program, the reward for detected vulnerabilities was $ 200.000 per exploit. Right now the prize can reach up to a million dollars. It will depend on the detected problem, but a zero-click kernel code execution with persistence will get the maximum amount. An incredible rise that will make many people who are dedicated to the subject of computer security, put the batteries.

Good for users, good for Apple. In this way, those who find these vulnerabilities will be rewarded with a good amount of money and Apple benefits by having, now, all its operating systems up to date.

But the new surprises do not end here. Apple says it will add a 50 percent bonus on top of the standard payment for bugs found in beta software, allowing the company to eliminate the problem before the operating system version is made public. It also offers the same bonus for so-called "regression errors." Bugs that Apple has fixed in the past but have accidentally reappeared in a later version of the software.

You can find all the details on the website that Apple has created for the occasion. In this page Bug bounty program rules detailed as well as full rewards breakdown offered to investigators based on the exploits they discover.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.