At the Black Hat security conference, Apple announced that it is launching a bug bounty program. However, only invited security researchers will be able to participate.
Relative to other bug bounty programs, the payouts could be quite high—up to $200,000. By comparison, Google’s top payout is $20,000 and Microsoft’s is $100,000. Here’s what Apple will pay for various categories of exploits:
- Secure boot firmware components ($200,000 cap)
- Extraction of confidential material protected by the Secure Enclave Processor ($100,000 cap)
- Execution of arbitrary code with kernel privileges ($50,000 cap)
- Unauthorized access to iCloud account data on Apple servers ($50,000 cap)
- Access from a sandboxed process to user data outside of that sandbox ($25,000 cap)