Loading...

Apple's 3-year bug bounty program has finally been officially expanded to accept bug submissions from other Apple ecosystem platforms, including MacOS. The technology company announced its plans for the expansion just a few months ago at the Black Hat cyber security conference. Apple appears to have launched the expansion of its Security Bounty program on Thursday December 19 through a new web page published on its site with more information about the updated program.

The Apple Security Bounty program is essentially a program in which Apple encourages security investigators to find bugs in Apple's various operating systems and report them to the company in exchange for a substantial financial reward. As ZDNet points out, when it was first launched in 2016, the program only accepted bug reports for iOS bugs from certain researchers who were invited to participate in the program. But from this week, the Security Bounty program has been officially expanded to accept not only MacOS bugs, but also bugs from other Apple operating systems, and now allows the participation of all security researchers.

The newly published webpage on Apple's website provides details about the current iteration of the Security Bounty program, including eligibility guidelines, premium categories (and the associated maximum rewards) and instructions for submitting a bug report. There is even a separate page with sample payouts for different types of bugs.

In addition to MacOS bugs, the program officially accepts bug reports for iOS, iPadOS, tvOS and WatchOS. There do not seem to be any MacOS-specific guidelines for submitting bug reports, but in general researchers must follow three main guidelines to be eligible for a premium:

You must be the first to report the bug to Apple Product Security. A report must be submitted and it must be & # 39; clear & # 39; and & # 39; a working exploit & # 39; contain. You cannot publish the bug until & # 39; Apple has issued the security advisory for the report & # 39 ;.

It is also worth noting that if the bug "has significant consequences for users", Apple will still take it into account for a premium payment, even if it does not "fit into the published premium categories". The premiums themselves are also not small. In fact, the smallest sample payout was $ 25,000 and the largest payout was $ 1 million.

Recommendations from the editors