Apple rewards researchers who share critical issues with the company through the Apple Security Bounty.
You can now earn up to $1,500,000 for reporting issues in iOS, iPadOS, macOS, tvOS, watchOS, and iCloud. In addition, Apple offers public recognition for those who submit valid reports and promises to match donations of the bounty payment to qualifying charities.
Apple is offering $1 million for a "zero-click kernel code execution with persistence and kernel PAC bypass." There's an additional $500,000 in the reward pot if the issue is unknown to Apple and unique to designated developer betas and public betas.
In order to be eligible for an Apple Security Bounty, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware.
Researchers must be the first party to report the issue to Apple Product Security. They should provide a clear report, which includes a working exploit, and not disclose the issue publicly before Apple releases the security advisory for the report.
Apple says that reported issues that are unknown to Apple and are unique to designated developer betas and public betas, including regressions, can result in a 50% bonus payment.