Apple has officially launched the program it announced in the summer, open to every researcher working in the field of computer security: their task will be to find bugs in all of the Cupertino company's software platforms in exchange for cash rewards, the amount of which varies with the severity of the bug discovered.
The differences from the bug bounty program that Apple has run so far lie in the words "every researcher" and "all platforms": previously, access was reserved for selected users who received an explicit invitation, and the only relevant bugs were those related to iOS. Now everyone can participate, and the bugs in scope also concern iPadOS, macOS, tvOS, watchOS and iCloud.
The maximum amount of the reward has also been raised, from $200,000 to $1,500,000. To try to earn it, interested parties will have to respect some rules, first of all by supplying Apple with a report containing a detailed description of the bug, an indication of each prerequisite necessary for the problem to occur, an exploit that demonstrates its existence, and all the information Apple needs to reproduce it. Furthermore, the discovery must not be made public before an official intervention by the Cupertino company (which almost always coincides with the release of the corrective patch).
The bugs that earn the highest compensation include those that can be considered previously unpublished, that affect multiple platforms, that are found on the most recent hardware and software components, and that may have an impact on sensitive data (contacts, emails, messages, notes, photos, etc.). The highest-paid discoveries of all are vulnerabilities that allow network attacks to be carried out without user interaction (zero-click bugs).
The reward for each bug is also increased by a 50% bonus if the bug was found in a beta, which keeps it from reaching the wider public who will use the stable version, or if it is a so-called regression bug, that is, a bug previously fixed by Apple that resurfaces in a subsequent software release.
Interested users can find the complete program rules at this address.