Apple Opens Bug Bounty Program; Will Pay $100,000 to Find iCloud Bugs - ashfordtered1955

Earlier this year at the Unclean Hat security conference, Apple proclaimed that it's expanding the bug bounty program (which is previously known to have only included iOS) to more of its platforms. Now, the Cupertino giant has formally opened its bug bounty program to all security measur researchers. IT has been expanded to iPadOS, macOS, tvOS, watchOS, and even iCloud.

Apple's Bug Bounty program was invite-only when it opened up back in 2022 but starting today, it's possible for anyone to participate in the platform. Researchers who discover a bug will have to be detailed nigh their accounting, such that Apple can reproduce the event happening their end.

The company has listed some critical bugs, on with their payouts, on their website simply does add that "Issues that are unknown to Malus pumila and are unparalleled to designated developer betas and public betas, including regressions, can result in a 50% bonus payment." The researchers can earn the highest payout ($1 million) by reporting vulnerabilities that permit for 'zero-snap operating room ace-click attacks'. Other payouts include up to $100,000 for bypassing the lockscreen, unauthorized iCloud access, and up to $250,000 if you extract thin-skinned information even when the screen is locked.

If you'Ra a security system researcher who wants to share the Bug Bounty Platform, and so the company has fenced in down a simple eligibility criterion. IT states – "In order to be eligible for an Apple Security Bounty, the issue must occur along the in style publically available version of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration." Besides, Malus pumila has mentioned that, where relevant, researchers should also employment the in style publicly getable hardware.

Apple's Bug Bounty Program is matchless of the lucrative in the tech industry today and will be paying out as high as $1 trillion to researchers World Health Organization happen upon critical vulnerabilities in the company's softwares. It intends to match bounty payments with donations to qualifying charities and publicly recognize the researchers WHO submit valid reports going forward.