Apple opens up its bug bounty program to all

After announcing its bug bounty program at the Black Hat security conference back in August, Apple has now officially opened up its program to all security researchers.

Before today, the iPhone maker's bug bounty program was invitation-based and only select security researchers were able to take part in the program to find vulnerabilities in iOS.

Apple has now expanded the program, raising its maximum bug bounty reward from $200k to $1.5m, and the company will also accept vulnerability reports for iPadOS, macOS, tvOS, watchOS and iCloud in addition to iOS.

Bug bounty rules and rewards

Apple also published a new page on its website which explains the rules of the bug bounty program along with a breakdown of the rewards researchers can earn for submitting reports on exploits they've discovered.

In order to be eligible for a bug bounty reward, researchers must be the first party to report the issue to Apple Product Security, provide a clear report with a working exploit, and not disclose the issue publicly before Apple releases the security advisory for the report.

To earn the biggest reward the program has to offer, researchers will need to find security bugs that are new, affect multiple platforms, work on the latest hardware and software, and impact sensitive components. Finding vulnerabilities in beta releases will earn researchers even more, as Apple will add a 50 percent bonus on top of the regular payout for all bugs reported in a beta release.

Additionally, the company will pay a 50 percent bonus for regression bugs, which are bugs that were previously patched in older versions of its software and have accidentally been reintroduced in its code at a later point. Vulnerabilities that can result in zero-click or one-click attacks will also earn researchers top prizes, but they will need to submit a full exploit chain to claim their reward.

Via ZDNet

http://www.techradar.com/news/apple-opens-up-its-bug-bounty-program-to-all

Source: TechRadar - All the latest technology news

By: Anthony Spadafora
