It's open season on Apple products. As spotted by 9to5Mac, the company has opened up its bug bounty program to the public, and it's offering payouts of up to $1.5 million for severe vulnerabilities that can be exploited without user interaction.
The company's bug bounty program was previously invitation-only and the payouts were lower than they are now. Both decisions were criticized by the security community, as discouraging the responsible disclosure of serious vulnerabilities could prompt researchers to profit off their discoveries in far less benevolent ways.
Selling exploits for Apple products could still be more lucrative than disclosing them via this program — there's always going to be a market for effective hacks targeting popular devices. But now it's easier for security researchers to don white hats instead of black ones.
Apple's bug bounty program pays between $100,000 for low-priority vulnerabilities, such as "unauthorized access to iCloud account data on Apple Servers," and $1 million for "zero-click kernel code execution with persistence and kernel PAC bypass." Researchers are given a 50% bonus for issues with beta software releases.
In addition to the funds given to developers, Apple will donate the same amount to qualifying charities, which are listed at Benevity. More information about Apple's bug bounty program can be found on its dedicated website. It explains who's eligible for the program, what each payout tier is and how developers should submit reports.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.