Apple will pay ethical hackers more than $1m if they responsibly disclose dangerous security vulnerabilities to the firm, the company announced at the Black Hat security conference in Las Vegas.
The new “bug bounty”, up from a previous maximum of $200,000, could even out-bid what a security researcher could earn if they decided to skip disclosure altogether and sell the bug to a nation state or an “offensive security company”, according to data shared by Maor Shwartz, a vulnerability broker at the same conference.
Apple’s new bug bounty programme is a marked step up from a previous offering, which was limited to a select pool of pre-approved researchers. The company has also extended it to reward hackers finding vulnerabilities in watchOS and tvOS, as well as iOS and macOS.
The $1 million will go to security researchers (or groups of researchers) who are able to carry out a “zero-click full chain kernel execution attack with persistence,” TechCrunch reports.
If you don’t know what that is, don’t worry. It’s an attack that would give the hacker control of the core of Apple’s operating system, iOS, and of the iPhone in question, without any user interaction and in a way that survives a reboot. If someone (or several someones) is able to pull the hack off and share how they did it with Apple, they’ll get $1 million.
The new challenge was presented by Apple during the Black Hat cybersecurity conference being held in Las Vegas this week. Black Hat is currently the world’s leading information security event; the week starts with four days of technical training, followed by a two-day main conference.