Apple’s bug bounty program was officially opened to all security researchers worldwide. The company had announced its bug bounty program last year but kept it limited to security researchers who were invited to the program. Apple had made clear its intention to open the bug bounty program to the public at the Black Hat conference this year.

Apart from opening the program to the public, Apple has also added support for non-iOS platforms like macOS, tvOS, watchOS, and iCloud to the program. The maximum bounty size has also increased from $200,000 to $1 million per exploit, though the payout varies with the severity of the bug discovered. The highest payout is reserved for zero-click kernel code execution.

Apple will also give a 50% bonus to security researchers for finding and reporting bugs in beta builds of iOS, macOS, or watchOS, as this allows the company to fix the bug before a public release. There’s also a 50% bonus for reporting regression bugs, i.e. bugs that Apple previously patched but that have been accidentally reintroduced.

Apple has made its Security Bounty page live with all the relevant details, along with information on how one can be eligible for the bug bounty. This includes providing a clear report on the working exploit, being the first party to report the issue to Apple, not disclosing the bug to the public, and more. In certain scenarios, security researchers will have to submit a complete one-click or zero-click exploit chain for the maximum payout.

As announced by Apple earlier this year, it will also start providing security researchers with special iPhones that feature SSH, a root shell, and advanced debug capabilities under its iOS Security Research Device program.