Apple’s Security Bounty Program is a call to skilled coders and security researchers, offering a lucrative opportunity to earn substantial rewards for identifying vulnerabilities in their products. The program, which commenced in 2022, incentivizes individuals to test and expose weaknesses within Apple’s secure systems, particularly those found in iPhones.
The rewards available under this program range from $5,000 to $2 million. The payout amount is contingent on the type and severity of the vulnerability discovered and exploited. Successfully bypassing security through physical access to a device could result in a reward of up to $250,000. Exploiting a device through a user-installed application could earn up to $150,000, while network attacks that involve user interaction could result in rewards of up to $250,000.
The program also offers significant rewards for complex exploits. Hackers who can perform a zero-click attack, requiring no user interaction, can earn $1 million. The same reward is provided to those capable of executing a remote attack in private cloud computing environments. The most substantial reward, $2 million, is reserved for those who can successfully bypass the iPhone’s security while in Lockdown Mode.
The scope of the Apple Security Bounty Program includes Apple products like iPhones, Watches, and Macs. However, vulnerabilities related to Apple Pay, phishing attempts, or social engineering attacks are excluded. The program’s scope is limited to Apple’s hardware and software, with vulnerabilities found in third-party services not included.