Apple is offering cyber security researchers up to $1 million bounty to detect security flaws in macOS, tvOS, watchOS and iCloud. It is the highest bug bounty on offer from any major tech company, at a time of rising privacy concerns on mobile devices.
The tech giant also revealed that it will provide security researchers with special iPhones to help them discover bugs before hackers do.
Unlike other tech companies, Apple offered the bounty amount only to invited researchers who tried to find flaws in its phones and cloud backups. On Thursday, the company said it would open the process to all researchers at the annual Black Hat security conference in Las Vegas. Moreover, the bounty prize would apply only if the researchers are able to remote access the iPhone kernel without any action from the phone’s user.
Apple’s highest bounty was $200,000 for friendly bug reports that could be fixed with software updates and not leave them exposed to criminals or spies. However, government contractors and brokers have paid as much as $2 million to obtain information from devices.
Earlier this year, a security researcher revealed that he had discovered a flaw in macOS, but refused to provide details to Apple because of the lack of a bounty program for the operating system. The flaw could reportedly expose user passwords.
