Apple announces new, more varied reward levels for its security bug bounty

Apple has just announced a new security bug bounty program, raising the reward level to $1 million.

As planned, Apple has just announced a new security bug bounty program, offering up to $1 million or more to any security expert who can find large, serious vulnerabilities in the company's operating systems and in the products of its software ecosystem.

Apple's security bug bounty program, first announced in 2016, applied only to invited security researchers and to iOS vulnerabilities. However, at the Black Hat global cybersecurity conference held in August, Apple announced that it would expand the program to cover more platforms of the Apple ecosystem, such as iCloud, iPadOS, macOS, tvOS, and watchOS, and, notably, to remove the limit on the number of participants. Of course, in order to receive the bounty, researchers must submit a detailed description of the flaw, including how they found it, how dangerous it is, and what to do to deal with it.

The highest rewards will go to discoveries of multi-platform vulnerabilities (those affecting multiple Apple platforms at the same time), especially if the vulnerability has a negative impact on Apple's newly launched devices and software. For a vulnerability found in a beta version, the researcher will receive an additional 50% of the standard reward. Several reward levels have been specified, including:

  1. $25,000 to $100,000 for data extraction vulnerabilities and bypassing the device's lock screen.
  2. $25,000 to $100,000 for vulnerabilities that allow unauthorized iCloud access.
  3. $100,000 to $250,000 for a vulnerability that allows sensitive data to be extracted from a locked device.
  4. $1 million for vulnerabilities that allow an attacker to remotely control the device.
  5. $1 million for security flaws that could lead to a full-chain kernel code execution attack.

As such, the highest reward will be for zero-click vulnerabilities, which allow an attacker to hijack the device without the owner knowing it. However, to receive the reward, you must send the full exploit chain along with a detailed report to Apple.

Expanding the bug bounty program is a necessary move that shows Apple's interest in contributions from outside sources; as a result, product quality and user experience will also be greatly improved.
