Apple Raises Maximum iPhone Hacking Reward to $1 Million

In 2016, at the Black Hat conference, Apple announced the launch of its own bug bounty program for reporting vulnerabilities. Initially, the program was limited to iOS and only select security researchers were invited to participate.

This year, Apple representatives returned to Black Hat to announce a major expansion of the bug bounty program. Now, researchers can earn up to $1 million for finding critical bugs in the iPhone. By the end of the year, the program will also cover macOS, watchOS, and tvOS.

The expanded bug bounty program will be open to all interested security researchers. As usual, the size of the rewards will vary depending on the severity of the vulnerability and the potential damage it could cause.

Significantly Increased Rewards

Apple has substantially increased the payouts for vulnerabilities. Currently, the company offers up to $200,000 for vulnerabilities that could give an attacker full control over an iOS device—specifically, remote attacks that require no user interaction and allow code execution at the iOS kernel level.

Starting in fall 2019, the reward for such critical bugs will rise to $1 million. This offer will also apply to similar vulnerabilities found in macOS.

It’s worth noting that vulnerabilities in Apple’s operating systems have long been among the most valuable on the market. For example, in 2015, Zerodium offered $1 million for iOS exploits.

Rewards for Other Vulnerabilities and Pre-Release Bonuses

Rewards for other types of vulnerabilities have also increased, with researchers now able to earn between $100,000 and $500,000 for various bugs. Additionally, Apple is offering a 50% bonus for vulnerabilities discovered in pre-release builds. The company hopes this will help prevent dangerous bugs from making it into public releases, where they could be exploited and take weeks to fix.

Special iPhones for Security Researchers

At Black Hat, Apple also confirmed information previously reported by Forbes: the company will soon provide select security experts with special iPhones designed for testing, which are easier to hack. These devices have most security features disabled and are used by Apple engineers to find vulnerabilities before prototypes are finalized and devices go into mass production.

Previously, such devices sometimes ended up on the black market, where they were sold for significant sums and occasionally fell into the hands of vulnerability brokers or 0-day sellers.

Photo: Jesse D’Aguanno
