Apple has expanded its bug bounty program, increasing the rewards for security researchers who can provably hack an iOS or macOS device.Â
The company first launched its bug bounty program in 2016, offering rewards of up to $200,000 for finding vulnerabilities in iOS devices that would allow an attacker to gain full control of the device, without any user interaction.Â
Now, on stage at the Black Hat conference, which takes place from August 3 – 8 in Las Vegas, Apple head of security Ivan KrstiÄ‡ announced significant changes to the program (via ZDNet). This fall, the reward will be increased to $1,000,000, and will expand to all of Apple’s platforms: iOS, iCloud, tvOS, iPadOS, watchOS, and macOS.
This is, again, for gaining full control of the device remotely, without the user touching anything.Â
There will also be smaller rewards, up to $500,000, for disclosing other types of vulnerabilities; for example, bypassing an iPhone’s lock screen while having physical access to the device will net you $100,000, while kernel code execution via a user-installed app is worth $150,000.Â
Apple will also start offering a 50 percent bonus for any bugs found in its pre-release builds.Â
The news about Apple’s expanded bug bounty program was first reported by Forbes, which said Apple would give security researches jailbroken iPhones, to make it easier for them to search for vulnerabilities.Â
The $1 million figure may sound like a lot, but it’s actually just Apple catching up with the demands of the market. In 2016, security company Zerodium started offering $1,500,000 for a “zero-day” iOS hack (the offer was since increased to $2 million), and security experts can often sell freshly found security vulnerabilities for even bigger sums to governments and major corporations.Â