
Communications of the ACM

ACM TechNews

Apple Opens Public Bug Bounty Program, Publishes Rules


Apple has formally opened its bug bounty program to all researchers and outlined the program's rules on its website. The company now accepts exploits in iPadOS, macOS, tvOS, watchOS, and iCloud in addition to iOS, and has upped its maximum bounty from $200,000 to $1.5 million.

Submitted vulnerabilities must be novel, impact multiple platforms, function on the latest hardware and software, and affect sensitive components to qualify for the top $1.5 million reward.

Apple will add a 50% bonus on top of the regular reward for any exploit in beta releases, and a 50% bonus for regression bugs, but entrants must include full exploit chains for any zero-click or one-click vulnerabilities to qualify for bounties. "Requiring an exploit puts the onus on the researcher . . . but also then will help Apple quickly and fully understand which bugs should be prioritized and thus fixed [first]," says Apple security researcher Patrick Wardle.

From ZDNet


Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

