Apple is making significant changes to the multi-million dollar bug bounty program it introduced in 2016.
Apple has announced that it will award $1 million to security researchers who can carry out what is termed a zero-click full chain kernel execution attack and maintain the attack with persistence.
In practice, this means the payout goes to anyone who can not only reach the core of Apple's iOS operating system but also gain control of that system without any user interaction. The offer, along with the requirements, was reported in both Forbes and TechCrunch.
The $1 million offer is a significant step up from the original $200,000 offered when the program was first announced and launched in 2016. Forbes also reports that it is the largest bug bounty of its kind to be offered by a major technology company.
Participants will also receive an additional 50% bonus if they find a vulnerability in Apple’s beta software before it launches.
Apple announced these changes to its program at the Black Hat cybersecurity conference in Las Vegas. The company also announced other important updates.
The $1 million reward was revealed alongside the announcement that Apple is expanding the program to several of its other platforms, including macOS, tvOS and watchOS.
These are the operating systems that power the Mac, the Apple TV, and the Apple Watch lines. Apple also stated that the program is no longer invite-only and is open to all researchers who wish to participate.
The increase in the bug bounty comes after security experts noticed a rise in vulnerabilities in Apple’s products in recent years.