Communications of the ACM

Home/News/Apple Opens Public Bug Bounty Program, Publishes Rules/Full Text

ACM TechNews

Apple Opens Public Bug Bounty Program, Publishes Rules

By ZDNet
December 27, 2019
Comments

View as: Print Mobile App Share:

Apple has formally opened its bug bounty program to all researchers and outlined the program's rules on its website. The company now accepts exploits in iPadOS, macOS, tvOS, watchOS, and iCloud in addition to iOS, and has upped its maximum bounty from $200,000 to $1.5 million.

Submitted vulnerabilities must be novel, impact multiple platforms, function on the latest hardware and software, and affect sensitive components to qualify for the top $1.5 million reward.

Apple will add a 50% bonus plus the regular reward for any exploit in beta releases, and a 50% bonus for regression bugs — but entrants must include full exploit chains for any zero-click or one-click vulnerabilities to qualify for bounties. "Requiring an exploit puts the onus on the researcher . . . but also then will help Apple quickly and fully understand which bugs should be prioritized and thus fixed [first]," says Apple security researcher Patrick Wardle.

From ZDNet
View Full Article

No entries found

Apple Opens Public Bug Bounty Program, Publishes Rules

The State of the Metaverse

The Perils of Leveraging Evil Digital Twins as Security-Enhancing Enablers

Interview Answers That are Not Going to Help You