Apple has announced significant changes to its bug bounty program, introducing a new payout structure that could result in rewards of over $5 million for critical vulnerabilities. The company also updated its Security Research Device (SRD) program, which provides specialized iPhones to security researchers.

New Bounty Multiplier Increases Payouts

While the maximum standard payout for a single vulnerability remains at $2 million, Apple has introduced a new bounty multiplier. This multiplier can increase a standard payout by 2.5 times for certain high-value bugs. A base payout of $2 million, when combined with the 2.5x multiplier, results in a total potential award of $5 million. In addition to this, Apple is offering a separate 1.5x multiplier for vulnerabilities discovered in newly released software betas.

Security Research Device Program Changes

Alongside the bounty updates, Apple modified its SRD program. Participants in the program, who receive special iPhones with certain security features disabled to facilitate research, are now permitted to keep the devices permanently. These devices are configured with features such as shell access, which allows researchers to more effectively search for vulnerabilities in Apple’s software.

Source: https://www.infosecurity-magazine.com/news/apple-bug-bounty-payouts-can-now/