Apple’s head of security engineering and architecture Ivan Krstić has announced that the company’s bug bounty program will now be extended to Macs, MacBooks, Apple TV, and Apple Watch. The program so far had only existed for iOS.
The announcement was made at the Black Hat conference in Las Vegas. The move by Apple has come three years after it first debuted its bug bounty program for iOS. The announcement is bound to bring some joy to security researchers who would refuse to report bugs in Apple products because of the absence of a bug bounty program.
The concept of the bug bounty is simple: if you spot a bug and report it back to Apple, you get paid for it. Under the bug bounty program, Apple was paying a maximum of $200,000 to security researchers who found bugs in iOS. Besides extending the program to its other devices, Apple has now also raised the maximum payout to $1 million.
Under this new program spotting a zero-click, full chain kernel code execution attack exploit can get a security researcher the maximum payout of $1 million. The updated version of the bug bounty program will be available to all security researchers starting later this year.