Apple has echoed reports that came in last week at the Black Hat conference today. The company’s Security Bounty program has been expanded to cover all of Apple’s ecosystem and rewards anyone with up to a million dollars when they find a vulnerability.
Apple has revealed a list of payouts during the conference. Finding bugs that bypass the lock screen and unauthorized iCloud access pays out $100,000. Finding vulnerabilities that could lead to network attacks or user-installed app attacks can pay out $250,000. Lastly, finding bugs that allow network attacks unprovoked and without interaction from users pay out $1 million. A 50% bonus will be given for those who could find and report pre-release bugs.
A new program, called iOS Security Research will be launched next year and open to everyone as long as they have a high-quality systems security track record. The special iPhones will be sent to researchers to probe for security weaknesses and chinks in the iOS’ armor.