Apple Ups Reward for Finding Major Exploits to $2 Million
At the Hexacon offensive security conference in Paris on Friday, Apple announced a significant increase in its bug bounty program, setting a new maximum payout of $2 million for finding major software exploits. The move reflects the company's growing concern about the potential misuse of vulnerabilities within its highly protected mobile environment.
According to Ivan Krstić, Apple's vice president of security engineering and architecture, the increased reward is intended to incentivize researchers to discover and report critical vulnerabilities before they can be exploited by malicious actors. "We're committed to protecting our users' data and security," Krstić said in a statement. "By increasing the reward for finding major exploits, we hope to encourage more researchers to participate in our bug bounty program."
The new maximum payout of $2 million is part of a revised bonus structure that includes additional awards for exploits that can bypass Apple's extra-secure Lockdown Mode and for those discovered while Apple software is still in its beta testing phase. This means that the total award for a potentially catastrophic exploit chain could reach up to $5 million.
Since launching its bug bounty program nearly a decade ago, Apple has consistently increased its maximum payouts, from $200,000 in 2016 to $1 million in 2019. The company's efforts are aimed at preventing vulnerabilities from being exploited by malicious actors and ensuring the security of its users' data.
The increase in reward is seen as a positive development by industry experts, who believe it will encourage more researchers to participate in Apple's bug bounty program. "This move demonstrates Apple's commitment to security and its willingness to invest in research that can help protect its users," said Rachel Tobac, a well-known security researcher.
The changes take effect immediately, and Apple is encouraging researchers to submit their findings through its bug bounty program website. As the company continues to push the boundaries of mobile security, it remains to be seen how this increased reward will impact the discovery and reporting of critical vulnerabilities in the future.
Background:
Apple's bug bounty program was launched nearly a decade ago as part of the company's efforts to improve the security of its products. Since then, the maximum payout has been consistently increased, from $200,000 in 2016 to $1 million in 2019. The new reward structure reflects Apple's growing concern about the potential misuse of vulnerabilities within its highly protected mobile environment.
Implications:
The increase in reward is expected to encourage more researchers to participate in Apple's bug bounty program, potentially leading to a greater number of critical vulnerabilities being discovered and reported. This could have significant implications for the security of Apple's users' data and the company's overall reputation.
Real-world applications:
The increased reward will likely impact the way researchers approach vulnerability discovery and reporting. With the potential for a $5 million award, researchers may be more inclined to invest time and resources into discovering critical vulnerabilities within Apple's products.
Next developments:
As the bug bounty program continues to evolve, it remains to be seen how this increased reward will impact the discovery and reporting of critical vulnerabilities in the future. Apple is encouraging researchers to submit their findings through its bug bounty program website, and the company will continue to monitor the effectiveness of its efforts to improve mobile security.
*Reporting by Arstechnica.*