After a lot of delays and speculation, Apple's much-anticipated program finally debuted in September. This is a big surprise for many people when most of Apple's important announcements only take place at WWDC every year.
Accordingly, the bonus amount can be up to $ 200,000 for those who find security and bugs issues in Apple devices. Apple also acknowledged that their in-house researchers, testers and contract security companies are also facing some major difficulties to identify bugs.
The program is currently only available to a number of researchers – who have previously announced many valuable vulnerabilities for Apple before. Apple also consulted with other companies and decided that opening a large bounty system could lead to repeated reports, overshadowing high-risk errors. But if someone is able to detect a serious bug or bug, that person will still be automatically added to the program.
The 5 error groups Apple decided to award are:
- Vulnerability in the safe base launch program – up to $ 200,000
- Bugs allows exporting confidential data from Security Enclave – up to $ 100,000
- Implement arbitrary or malicious code with core privileges – up to $ 50,000
- Predict unauthorized access to iCloud account data on Apple Servers – up to $ 50,000
- Approach from the sandboxed process outside the sandbox – up to $ 25,000
ITZone via IDE Academy