Apple today announced an expansion of its bug bounty program, opening it up to all security researchers and expanding the range of devices covered by vulnerability reporting. At the Black Hat security conference in Las Vegas in August, Apple announced that it would expand its bug bounty program, welcoming security experts to submit security vulnerabilities found in Apple products.
Previously, Apple offered its bug bounty program only to selected security researchers by invitation, and only accepted security vulnerabilities in iOS. Starting today, Apple is expanding the program to iPadOS, macOS, tvOS, watchOS and iCloud, and opening it up to all security researchers.
In addition to expanding the bug bounty program, Apple has increased its bounties. Apple also raised the bounty limit, which depends on the risk and complexity of the bug, from $200,000 to $1,500,000. Now that the new program is in effect, interested researchers can go to Apple’s page for more details.
The capped bounty is not particularly easy to get, as Apple sets a high bar. To receive the highest awards, researchers must submit clear reports. These include:
A detailed description of the issues reported.
Any prerequisites and steps to bring the system into an affected state.
A reasonably reliable exploit for the reported problem.
Enough information for Apple to reasonably reproduce the problem.