At the Black Hat conference last week, Apple announced that the company is expanding its existing bug bounty program to include macOS, tvOS, watchOS, and iCloud. Rewards will reach up to $1 million for a zero-click, full-chain kernel code execution attack.
Apple originally started paying iOS bounties approximately three years ago; however, security researchers have only been paid for vulnerabilities found in Apple’s mobile OS.
The fact that macOS was never included led many researchers to push the company to expand its bug bounty program beyond iOS.
Apart from iOS, Apple’s bug bounty program will now cover macOS, tvOS, iPadOS, watchOS, and iCloud. At the same time, the company will open the program to all researchers who want to participate, and payouts will rise far beyond the current maximum of $200,000.
The maximum payout will increase to $1 million for iOS vulnerabilities that allow an attacker to take control of a phone without any user interaction.
A few months ago, a security researcher found a macOS flaw but refused to submit it to Apple until the company paid researchers for reporting Mac vulnerabilities.
Now Apple hopes that its updated bug bounty program will convince more security researchers to report vulnerabilities instead of selling them on the black market.