Apple has massively increased the bug bounty, and is now offering cyber security researchers up to $1 million bounty to detect security flaws in macOS, tvOS, watchOS and iCloud. It is the highest bug bounty on offer from any major tech company, at a time of rising privacy concerns on mobile devices. The tech giant also revealed that it will provide security researchers with special iPhones to help them discover bugs before hackers do.
Unlike other tech companies, Apple offered the bounty amount only to invited researchers who tried to find flaws in its phones and cloud backups. On Thursday, the company said it would open the process to all researchers at the annual Black Hat security conference in Las Vegas. Moreover, the bounty prize would apply only if the researchers are able to remote access the iPhone kernel without any action from the phone’s user.
To recall, Apple’s highest bounty was $200,000 for friendly bug reports that could be fixed with software updates and not leave them exposed to criminals or spies. However, government contractors and brokers have paid as much as $2 million to obtain information from devices. Earlier this year, a security researcher revealed that he had discovered a flaw in macOS, but refused to provide details to Apple because of the lack of a bounty program for the operating system. The flaw could reportedly expose user passwords.Moreover, At the Black Hat USA 2019 conference in Las Vegas, a new iOS flaw was revealed which let hackers break into iPhones by just sending a text. Simply receiving an iMessage could be enough to get yourself hacked.