Apple ups bug bounty rewards in security push

Apple is expanding the scope and the financial rewards of its bug bounty programme, offering up to $1 million to security researchers who find flaws in its full range of products.

The company launched a bug bounty programme for iOS three years ago, offering up to $200,000 to ethical hackers who responsibly reported vulnerabilities.

Now, the programme has been extended to cover macOS, Apple TV, Apple Watch and iPadOS. At present, iPads run iOS, but a new operating system will be rolled out to compatible tablets later this year.

Apple bug bounty

For all devices, the maximum $1 million bounty will be available to those who find advanced security flaws, while $500,000 will be given for reporting flaws that could potentially result in the loss of user data. There will also be a 50 per cent bonus if the vulnerability is discovered in a beta version of any software.

According to Bloomberg, Apple’s head security engineer Ivan Krstic told the Black Hat cybersecurity conference in Las Vegas that the company would expand the number of researchers who can participate and would hand out special versions of the iPhone.

These iPhones will apparently disable certain cybersecurity features and enable deeper access to the platform. The programme expansion is scheduled to start early next year.

The moves go some way to addressing criticism that the monetary rewards on offer were too low given the importance that Apple places on the security features of its devices.

Rival Google started its own bug bounty scheme way back in 2010, while several other major technology companies also offer financial rewards. Microsoft paid out $2 million to researchers last year as part of its own efforts.

Via Bloomberg