TechLair

  • Home
  • contact
  • About
  • Privacy Policy

Apple Opens Bug Bounty Program; Will Pay $100,000 to Find iCloud Bugs

Saturday, December 21, 2019 by Piyush Suthar | Comments

Home News Tech Apple Opens Bug Bounty Program; Will Pay $100,000 to Find iCloud Bugs

Apple bug bounty program

Earlier this year at the Black Hat security conference, Apple announced that it’s expanding the bug bounty program (which is previously known to have only included iOS) to more of its platforms. Now, the Cupertino giant has officially opened its bug bounty program to all security researchers. It has been expanded to iPadOS, macOS, tvOS, watchOS, and even iCloud.

Apple’s Bug Bounty program was invite-only when it opened up back in 2016 but starting today, it’s possible for anyone to participate in the program. Researchers who discover a bug will have to be detailed about their account, such that Apple can reproduce the issue on their end.

The company has listed some critical bugs, along with their payouts, on their website but does add that “Issues that are unknown to Apple and are unique to designated developer betas and public betas, including regressions, can result in a 50% bonus payment.” The researchers can earn the highest payout ($1 million) by reporting vulnerabilities that allow for ‘zero-click or one-click attacks’. Other payouts include up to $100,000 for bypassing the lockscreen, unauthorized iCloud access, and up to $250,000 if you extract sensitive information even when the screen is locked.

If you’re a security researcher who wants to partake in the Bug Bounty Program, then the company has penned down a simple eligibility criterion. It states – “In order to be eligible for an Apple Security Bounty, the issue must occur on the latest publicly available version of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration.” Also, Apple has mentioned that, where relevant, researchers should also use the latest publicly available hardware.

Apple’s Bug Bounty Program is one of the lucrative in the tech industry today and will be paying out as high as $1 million to researchers who discover critical vulnerabilities in the company’s softwares. It intends to match bounty payments with donations to qualifying charities and publicly recognize the researchers who submit valid reports going forward.


Authored by Piyush Suthar
Pro Blogger


Follow me on Twitter, Facebook, Google+, YouTube.

Load comments
  • Newer Post
  • Home
  • Older Post
  • techlair
    Over 1,500+ Readers

    Get fresh content from TechLair

    brand222 facebook brand2 envelope-o

    BEST OF TechLair

    30 Best Free Handwriting Fonts For Designers
    After Reliance Jio drags COAI into a legal battle, the Delhi HC has asked the association against making any false statements
    Poco F1 Price Slashed; Available for Just Rs. 17,999
    Malala Yousafzai and Elon Musk's little Twitter conversation has won over many hearts


    Copyright © 2019 TechLair. All rights reserved.
    Privacy Policy • DMCA • Contact