Three years ago, Apple debuted its first bug bounty program for iOS devices. Many researchers criticized the tech giant's decision not to include macOS and other Apple platforms.
It appears Apple has finally listened to developers and security experts who were previously pointing out macOS vulnerabilities for free. At the ongoing Black Hat 2019 conference in the USA, Apple announced that it is expanding its bug bounty program to macOS, tvOS, watchOS, and iCloud.
On top of that, the bug bounty program will include rewards of up to $1 million for a zero-click, full-chain kernel code execution attack. Previously, the maximum reward was $200,000 per exploit.
Under Apple's updated bug bounty program, researchers can claim a 50% bonus if the vulnerability is reported in a pre-release build. The bounty program will be available to security experts later this year.
For many security researchers, bug bounty programs have been a significant motivation to report flaws to tech companies. In fact, ethical hackers as young as 19 have made millions from these programs. However, some have refused to submit macOS flaws to Apple since there was no bounty to start with.
If you think about it, the security researchers have a point. Tech companies like Google and Apple already have top-class researchers working on vulnerabilities day and night.
For an ethical hacker with few resources, sitting in his dorm room, discovering a flaw in an operating system is an achievement in itself, and one that needs to be rewarded.
Meanwhile, the contrary opinion is that users' security is being compromised in the end. Anyway, all this will likely change since Apple has finally agreed to release a big bug bounty for all its systems.