Apple has announced a major overhaul of its bug bounty program that doubles the top reward to $2 million for exploit chains that can match the sophistication of mercenary spyware attacks.
With bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software, Apple says its total payouts could exceed $5 million. The company claims this represents “the largest payout offered by any bounty program.”
The program now places greater emphasis on complete exploit chains rather than individual vulnerabilities, reflecting the reality that real-world attacks typically chain multiple bugs together. The rewards for remote-entry vectors have also been substantially increased, although categories not commonly seen in actual attacks will receive lower payouts.
Read more at MacRumors.com