Any and all security researchers are now free to hunt Apple platforms for security bugs.
Apple has opened security review of its iPadOS, macOS, tvOS, watchOS, and iCloud products, once available only to selected security experts by direct invitation, to freelancers. The company also increased its maximum award for identifying bugs from $200,000 to $1.5 million and has provided a list of official rules that researchers must follow to earn the bounty. Top bounties will go to researchers who identify novel security flaws that affect multiple platforms used on the latest hardware and software.
"As a few have noted, the bar is set pretty high in terms of deliverables," Patrick Wardle, Principal Security Researcher at Jamf and an Apple security expert, told ZDNet. "One of the biggest challenges of a bug bounty program is filtering out all the subpar reports, and knowing what is a real/valid bug and the impact said bug could have, so requiring an exploit puts the onus on the researcher, yes, but also then will help Apple quickly and fully understand which bugs should be prioritized and thus fixed (first)."