Apple has formally opened its bug bounty program to all researchers and outlined the program's rules on its website. The company now accepts exploits in iPadOS, macOS, tvOS, watchOS, and iCloud in addition to iOS, and has upped its maximum bounty from $200,000 to $1.5 million.
Submitted vulnerabilities must be novel, impact multiple platforms, function on the latest hardware and software, and affect sensitive components to qualify for the top $1.5 million reward.
Apple will pay a 50% bonus on top of the regular reward for any exploit in beta releases, and a 50% bonus for regression bugs, but entrants must include full exploit chains for any zero-click or one-click vulnerabilities to qualify for bounties. "Requiring an exploit puts the onus on the researcher . . . but also then will help Apple quickly and fully understand which bugs should be prioritized and thus fixed [first]," says Apple security researcher Patrick Wardle.
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA