Apple Expands Security Bounty Program to Include macOS

Written by Matt Milano
Bug bounty programs are one of the most effective tools at a company’s disposal to find and fix bugs in operating systems and software. Under such a program, security researchers are paid a bounty for vulnerabilities they find and report to the company.

In 2016, Apple opened a security bounty program for iOS and invited specific researchers to join it. However, according to an announcement on their website, the company has expanded the program to all operating systems—iOS, iPadOS, macOS, tvOS and watchOS. The program is also available to all security researchers, rather than a select few.

Payouts for bugs range from $100,000 to $1,000,000. According to Apple, “researchers must:

• Be the first party to report the issue to Apple Product Security.
• Provide a clear report, which includes a working exploit (detailed below).
• Not disclose the issue publicly before Apple releases the security advisory for the report. (Generally, the advisory is released along with the associated update to resolve the issue).”

This is a welcome announcement by Apple and should help improve security on Apple’s products even more.
