Apple’s three-year-old bug bounty program has finally, formally expanded to accept bug submissions from other Apple ecosystem platforms, including MacOS. The technology company announced its plans for the expansion just a few months ago, at the Black Hat cybersecurity conference. Apple appears to have launched the expansion of its Security Bounty program on Thursday, December 19, via a new webpage published on its site that provides further details on the updated program.
The Apple Security Bounty program is essentially a program in which Apple incentivizes security researchers to find bugs in Apple’s various operating systems and report them to the company in exchange for a fairly sizable financial reward. As ZDNet notes, when the program was first launched in 2016, it only accepted bug reports for iOS bugs from certain researchers who had been invited to participate in the program. But as of this week, the Security Bounty program has officially expanded to not only accept MacOS bugs, but also bugs from other Apple operating systems, and it now allows the participation of all security researchers.
The newly published webpage on Apple’s website provides details on the current iteration of the Security Bounty program, including eligibility guidelines, bounty categories (and their associated maximum rewards), and instructions on how to submit a bug report. There’s even a separate page that lists example payouts for different kinds of bugs.
In addition to MacOS bugs, the program officially accepts bug reports for iOS, iPadOS, tvOS, and WatchOS. There don’t appear to be any MacOS-specific guidelines for submitting bug reports, but generally speaking, in order to be eligible for a bounty, researchers must follow three basic guidelines:
You have to be the first one to report the bug to Apple Product Security.
A report must be submitted and it has to be “clear” and contain “a working exploit.”
You can’t publicize the bug until “Apple releases the security advisory for the report.”
It’s also worth noting that if the bug has “significant impact to users,” Apple will still take it into consideration for a bounty payment even if it doesn’t “fit the published bounty categories.” Also, the bounties themselves aren’t tiny. In fact, the smallest example payout listed was $25,000 and the largest payout appears to be $1 million.