2 min

Apple now offers security researchers up to $1 million ($893,000) if they find an error in iPhones. That’s the highest amount a company has ever offered in a so-called bug bounty.

Apple is also changing its policy on bug bounties, writes Reuters. Previously, the company only gave rewards to security researchers who were invited to find errors in the company’s phones and cloud backups.

At the Black Hat conference in Las Vegas, the manufacturer announced that the process would be open to all researchers from now on. Also, Mac software and other targets are added to the bug bounty programs, with different rewards for the most significant finds.

Apple is also taking other steps to simplify research. For example, the company now offers a custom phone with a number of security measures disabled.

Million dollars

The $1 million reward only applies to errors that allow remote access to the iPhone’s kernel, without the phone owner having to take any action.

Earlier, the highest bounty Apple spent was $200,000. This reward was given to reports of errors that can be solved with software updates and that do not remain open to criminals or spies.

Other programs

Bug bounties are common among tech companies, who hope to find vulnerabilities they wouldn’t have encountered otherwise. In January, for example, Microsoft launched an entirely new program specifically for its Azure DevOps service. Any vulnerabilities found will be rewarded with a maximum of 20,000 dollars.

GitHub – now also part of Microsoft – expanded its program earlier this year and increased its rewards. A maximum of $30,000 is now being offered for the most critical vulnerabilities. The reason GitHub increased its rewards was that it would become increasingly difficult to find security vulnerabilities in the platform’s code.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.