Apple has recently updated its bug bounty program to cover everyone. Before, it was an invite-only affair that attracted criticism but now has been changed to be open for all.
In the last bounty program iteration Apple has increased its ‘bounties’ due to low reward complaints, which also presented a backlash that individuals will earn more if they sell the found vulnerability on the black market.
The recently set microsite contains all Apple Bug Bounty program details and eligibility requirements. Apple has also set payout ranges from $100K to a million dollars, although the maximum payout for discovering a vulnerability on beta versions is $1.5M, with the same figure being donated to charity.
Apple has a separate page for lists of sample payouts. To be eligible for the bounty reward, the vulnerability must be on public versions of iPadOS, tvOS, watchOS, macOS and iOS, and on publicly available Apple products.
The Cupertino-based company has also recently published its Platform Security guide for 2019.