Apple Announces Its Bug Bounty Program: Up to $1.5M Payout

Apple has opened its bug bounty program to the public, offering up to $1.5 million in payouts for serious vulnerabilities that can be exploited without user interaction.
The program had previously been invitation-based and limited to chosen, licensed security researchers, but it is now open to anyone able to find a flaw in macOS, iOS, tvOS, watchOS, or iCloud.
Apple has also raised the annual bug bounty reward from $200,000 to $1.5 million, depending on the complexity and magnitude of the vulnerability chain, according to the maximum payout rate card below:

| Category | Topic | Maximum Payout |
|---|---|---|
| iCloud | Unauthorized access to iCloud account data on Apple Servers | $100,000 |
| Device attack via physical access | Lock screen bypass | $100,000 |
| Device attack via physical access | User data extraction | $250,000 |
| Device attack via user-installed app | Unauthorized access to sensitive data** | $100,000 |
| Device attack via user-installed app | Kernel code execution | $150,000 |
| Device attack via user-installed app | CPU side channel attack | $250,000 |
| Network attack with user interaction | One-click unauthorized access to sensitive data** | $150,000 |
| Network attack with user interaction | One-click kernel code execution | $250,000 |
| Network attack without user interaction | Zero-click radio to kernel with physical proximity | $250,000 |
| Network attack without user interaction | Zero-click unauthorized access to sensitive data** | $500,000 |
| Network attack without user interaction | Zero-click kernel code execution with persistence and kernel PAC bypass | $1,000,000 |

Apple officially published a new page on its website outlining the rules of the bug bounty program, including the program requirements, the payment breakdown, and how to submit reports.
Researchers must:

  • Be the first party to report the issue to Apple Product Security.
  • Provide a clear report, which includes a working exploit (detailed below).
  • Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue).

Issues unknown to Apple that are specific to designated developer betas and public betas, including regressions, can earn a bonus payment of 50 percent. The qualifying issues are as follows:

  • Security issues introduced in certain designated developer beta or public beta releases, as noted on this page when available. Not all developer or public betas are eligible for this additional bonus.
  • Regressions of previously resolved issues, including those with published advisories, that have been reintroduced in a developer beta or public beta release, as noted on this page when available.
