Apple has opened a hacking program that will offer cash prizes to people who discover bugs and security flaws in the company's full range of devices, ZDNet reported on Friday.
To make it official, Apple has published a new page on its website, detailing the bug bounty program's rules, along with a breakdown of the rewards researchers can earn.
Apple opening bounty program to all researchers
— Jesse D'Aguanno (@0x30n) August 8, 2019
Expanding bounty targets pic.twitter.com/4iT9ILwpPX
The program, called Apple Security Bounty, is expanding on an earlier-launched invitation-only project dated 2016 to seek out holes in Apple’s iPhone security.
The new, expanded version will for the first time include iPads, Apple laptops and desktops, Apple TV, and Apple Watch, according to the official announcement of the move back in August, at the Black Hat security conference in Las Vegas.
A range of bounty prizes are on offer for anyone who can discover bugs that affect multiple devices, with an additional 50 percent bonus for bugs discovered in any of its software that is in beta.
To qualify for a prize, hackers or security experts need to submit a detailed description of the bug, with the Cupertino-based tech giant able to replicate the issue and conclude the steps as described cause the exploit or bug with reasonable reliability.
“Proof of concept” submissions will also be eligible for prizes, but only at half the value of a fully detailed and replicable report.
The top prize of $1 million will go to those who can successfully engineer a “zero-click”’ attack.
The latter is something that allows access to another person’s device without needing the original owner to click on a malicious link.
Other prizes range from $25,000 to $500,000, and include lockscreen bypass hacks, cracking into an iCloud account, and allowing unauthorised apps access to sensitive data.
Payouts
— Jesse D'Aguanno (@0x30n) August 8, 2019
+ 50% bonus for bugs in prerelease builds pic.twitter.com/eGHoTUAb4Y
Back in August Apple also announced it will provide selected security researchers with access to special "hackable" phones.
These devices, with most security features disabled, have existed for years at Apple and have been used by employees to hunt bugs before prototypes are sent to mass-production.
iOS security research device program! pic.twitter.com/4NsKH1DMGd
— Jesse D'Aguanno (@0x30n) August 8, 2019
Now, the company will be providing vetted security researchers with access to these devices to aid with hunting down bugs in its code.
