Spotted a vulnerability in Apple software, but not among Cupertino’s chosen developers tasked with seeking out bugs? No problem. As of today, Apple’s $1.5 million bug bounty program is available to everyone who wants to participate. Previously, it was only open to a select few.
The bug bounty means people can earn up to 7 figures for finding weaknesses in Apple software. These could otherwise be exploited by nefarious hackers.
As Apple notes on its Security Bounty webpage:
“We reward researchers who share with us critical issues and the techniques used to exploit them. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect customers. Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities.”
People hoping to net the reward must make sure they’re using the latest publicly available versions of software. They must also be the first party to report the bug, provide a clear report, and not disclose the issue ahead of letting Apple know about it.
Apple also published a list of rewards. While the top tier is $1 million, Apple offers a 50% bonus for bugs found in developer and public betas.
While these terms are generous, other companies do offer more. For instance, last year Crowdfense offered $3 million to anyone who could find a zero-day exploit on iOS, macOS, Windows or Android. Still, if you want to ensure the problem is fixed as soon as possible, you may want to consider going directly to Apple.
Hey, at the very least it’s going to look pretty good on any future job applications to the company.