
Apple just made finding iPhone bugs more profitable than ever


The company is paying hackers millions, but only if they play by the rules.
Apple just rolled out the next big chapter for its Apple Security Bounty program. The update brings the highest rewards in the industry.
Starting this November, Apple is revamping its Security Bounty program to offer some of the largest rewards ever seen in the cybersecurity world. The program rewards security researchers who responsibly report vulnerabilities across Apple’s operating systems, devices, and services.
Apple has doubled its top reward from $1 million to $2 million for discovering exploit chains capable of achieving the same goals as advanced mercenary spyware attacks – the kind that require no user interaction.
But that’s not all. The maximum payout can now exceed $5 million for discovering even more critical vulnerabilities, such as bugs in beta software or bypasses in Lockdown Mode – Apple’s upgraded security feature designed to protect users from sophisticated attacks, especially in Safari.
The payouts for other types of discoveries are also seeing a major bump:
A preview of how Apple is increasing rewards for five key attack vectors. | Image credit – Apple
The only system-level iOS attacks we observe in the wild come from mercenary spyware — extremely sophisticated exploit chains, historically associated with state actors, that cost millions of dollars to develop and are used against a very small number of targeted individuals.
