Apple expands bug program with monstrous $1 million bounty


Hackers can get PAID for finding bugs now.
Photo: Brian Klug/Flickr CC

Apple is ready to pay a bigger bounty than any other tech company when it comes to finding bugs on the iPhone or other Apple products.

The iPhone-maker revealed today at the Black Hat conference in Las Vegas that it will now pay up to $1 million for some discovered vulnerabilities, up from the $200,000 it offered when the bug bounty program began three years ago.

More platforms are covered by the more lucrative bug bounty program. Apple told hackers at Black Hat that they can now submit bugs for macOS, tvOS, watchOS, and iCloud too. Previously, you had to get an invite to the bug bounty program, but Apple said it will now open it up to all security researchers.

It was revealed earlier this week that Apple plans to give bug hunters developer devices that provide deeper access into iOS. After refusing to pay bug bounties for years, Apple is finally going all-in on paying third parties to ensure iOS and other platforms are locked down on security.

To get a $1 million reward, you have to discover a zero-click, full-chain kernel code execution attack. Apple will pay $500,000 if you find a “network attack requiring no user interaction.” Vulnerabilities discovered before the software is released earn a 50% bonus.

Despite the pay increase from Apple, info on these types of vulnerabilities can be sold to other companies for a lot more. Last year, Crowdfense offered $3 million to anyone who could find a zero-day exploit on iOS, macOS, Windows or Android.

