Apple's Invite-Only Bug Bounty Program Open to All Researchers


1 min read
Apple's Invite-Only Bug Bounty Program Open to All Researchers

Since its launch three years ago, Apple’s bug bounty program was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system.

However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company’s upcoming extended bug bounty program.

Speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple, announced the company’s upcoming extended bug bounty program which included three main highlights:

Even after submitting a valid security bug, researchers need to follow some basic eligibility rules for receiving rewards, which includes reporting details directly to the Apple security team without revealing anything to the public until the company releases a patch and providing a clear report with a working exploit.

Besides this, Apple will now also pay an additional 50% bonus on the eligible reward amount for reporting a ‘regression’ vulnerability that the company patched in previous versions of its software, but reintroduced ‘mistakenly’ in a developer beta or public beta release.

GO TOP