Apple opens bug bounty program to all

saurav
Posts: 14
Joined: Thu Jan 16, 2020 8:42 am
Location: banglore


Post by saurav »

Apple has opened its bug bounty program to all security researchers, having previously been invitation-only and limited to iOS vulnerabilities. The maximum reward has been increased from $200,000 up to $1 million, which is paid for a zero-click kernel code execution with persistence.

Any researcher who discloses a vulnerability must submit a report that includes:
  • A detailed description of the issues being reported.
  • Any prerequisites and steps to get the system to an impacted state.
  • A reasonably reliable exploit for the issue being reported.
  • Enough information for Apple to be able to reasonably reproduce the issue.
Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount.

For those looking to maximize their payout, Apple said it is particularly interested in bugs that affect multiple platforms, impact the latest publicly available hardware and software, impact sensitive components, and are novel.

Any bugs found in beta releases come with an extra 50 percent bonus on top of the standard payout. These are highly valued as discovering bugs in beta allows Apple to address them before the public rollout. The 50 percent extra bonus is also offered for “regression bugs,” which are vulnerabilities that Apple patched in previous versions of its software but have been accidentally reintroduced in a later version.
 
 
