Last week, at the Black Hat Conference, Apple announced that it would be making some significant changes to its bug bounty programme, which launched in 2016. Part of the major expansion to the programme will include a $1 million reward to those who can carry out a specific iPhone hack.
The hack in question is known as a “zero-click full chain kernel execution attack” and Apple said its bug bounty will pay out $1 million to security researchers who can execute it with persistence. Apple’s bug bounty programme will also do away with its ‘invite-only requirement’ and open the bounty to all researchers who’d like to participate.
According to TechCrunch, a zero-click full chain kernel execution attack would mean gaining access to the core of Apple’s operating system and controlling an iPhone in a way that wouldn’t require any user/victim interaction. Researchers who spot a vulnerability in a beta version of Apple’s software before it launches will also receive a 50% bonus.
This is the biggest bug-bounty reward ever offered by a major tech company and is a stark difference from the $200,000 maximum payout the programme initially had when it launched in 2016. The expansion of the bug bounty programme has come into effect as data breaches are becoming increasingly common throughout the tech and financial industries.
Apple also plans to expand its bounty program to its other platforms such as macOS, tvOS, and watchOS.