Apple offers $1 million bounty to finders of iPhone security flaws

Yolanda Curtis
August 11, 2019

The company is also expanding the program to include platforms such as macOS, watchOS, and tvOS, alongside the iOS software that powers iPhones.

Unlike other technology providers, Apple previously offered rewards only to invited researchers who tried to find flaws in its phones and cloud backups.

Apple will also give bug bounty participants "developer devices", which let hackers dive deeper into iOS. Earlier this year, a security researcher revealed that he had found a flaw in macOS that would expose user passwords, but refused to provide details to Apple because there was no bounty program for the operating system. In 2016, security company Zerodium started offering $1,500,000 for a "zero-day" iOS hack (the offer has since been increased to $2 million), and security experts can often sell freshly found security vulnerabilities for even bigger sums to governments and major corporations.

Whereas in previous years a bounty of $200,000 represented the cap on what most hackers could hope to attain, and eligibility to try to hack an Apple device for this cash was by invitation only, this fall the stakes will be significantly raised and the bounty open to all comers. The company's Security Bounty program has been expanded to cover all of Apple's ecosystem and rewards anyone with up to a million dollars when they find a vulnerability. There's also a 50% bonus for hackers who can find weaknesses in software before it's released.

This particular aspect of the bug bounty is open only to those who have successfully applied to the iOS Security Research Device programme. Lastly, finding bugs that allow unprovoked network attacks without interaction from users pays out $1 million. While many researchers have been able to acquire these iPhones in the past through black market sources, the process has been both expensive and technically illegal.

For those who are security researchers, this obviously means much better support and potential payouts.

Think you have what it takes to hack the iPhone?

More importantly, however, for everybody else this is going to help to promote even more secure hardware and software coming out of Apple. Apple devices are aimed at providing a flawless experience to their users.
