Apple Will Reward $1.5 Million USD Bounty to Anyone Able to Hack an iPhone

Apple has opened its bug bounty program to all security researchers, offering folks up to $1.5 million USD if they are able to find security vulnerabilities. The previously invite-only bug program offers a bigger cash bounty the more specific the vulnerability, up to $1 million USD (approximately £767,000 EUR) for a “zero-click kernel code execution with persistence and kernel PAC bypass.” An additional $500,000 USD (approximately £383,000 EUR) will be offered if the issue in question is a vulnerability Apple didn’t know about or a unique occurrence to a specific developer or public beta. Apple’s Security Bounty page also clarifies “the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware.”

Hackers must also disclose the issue to Apple first before the official Apple security advisory is made public. “Reports lacking necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment,” the Apple requirements notes, “if accepted at all.” To get a chance of the big bucks, hackers will have to provide not only enough information for Apple to be able to reproduce the issue at hand but also a “reasonably reliable exploit.” Although Apple agrees to still pay under these circumstances, the payout will be no more than half of the maximum bounty rate. If you’ve hacked an iPhone, send an Apple Product Security PGP Key encrypted message will all videos, cash, logs, diagnoses, etc. to product-security@apple.com.