The Tame Press claims it is by far the highest bug bounty on offer from any major tech company and is proof that Apple is so confident no one can hack its shiny toys that it might never have to pay out at all.
The million is up from $200,000 and will be open to all researchers soon. Previously Apple ran an invite-only bug bounty programme, which sort of defeats the point.
Apple is launching a Mac bug bounty but it's also extending it to watchOS and its Apple TV operating system.
Apple is to give bug bounty participants “developer devices”—iPhones that let hackers dive further into iOS. They can, for instance, pause the processor to look at what’s happening with data in memory. Krstić confirmed the iOS Security Research Device program would be by application only. It will arrive next year.
The full $1 million will go to researchers who can find a hack of the kernel—the core of iOS—with zero clicks required by the iPhone owner. Another $500,000 will be given to those who can find a “network attack requiring no user interaction”. There’s also a 50 percent bonus for hackers who can find weaknesses in software before it's released.
Apple hopes that by increasing the money, it will tackle the profitable private market where hackers sell the same information to governments for vast sums.
Previously, a company called Zerodium was vocal about how much it will pay researchers for their exploits before handing those exploits to its unknown government customers. In January, the secretive company announced it was offering $2 million for a remote hack of an iPhone.
Krstić said the bug bounty had been a success to date, with 50 serious bugs reported since the 2016 launch.