We've mentioned before how crucial it is for tech companies to have bug bounty programs, and how they can help keep those companies safe from malicious actors.
Apple, however, has so far skimped a little on that front, offering limited rewards. But not anymore.
Apple just made a major announcement at the annual Black Hat security conference in Las Vegas. Whereas they've previously only offered bug bounties on flaws in iOS, they're now opening the program up to other platforms like Apple TV and Apple Watch. Most importantly though, they're offering bounties for macOS for the very first time.
In the past, there have been multiple instances of cybersecurity researchers refusing to share their exploit findings with Apple, given that the company was refusing to pay for them. Hopefully this decision is because Apple realised what a bad idea that was.
Aside from that however, Apple has upped the largest reward it offers from $200,000 to a massive $1 million for researchers that find flaws in the iPhone. That's the largest reward ever offered by a company in exchange for security loopholes.
It makes sense though, given that Apple has a number of actors working against it. Aside from the usual pool of hackers, there are also authoritarian governments looking to spy on journalists and dissidents, and democratic nations too, looking to crack iOS in order to further criminal investigations where needed.
Additionally, bug bounty programs allow tech companies to supplement their cybersecurity teams with people essentially working for a commission. And though those payouts need to be big to be attractive, they're worth it compared to how much cash would be lost in a security breach.
For instance, Chennai-based cybersecurity researcher Laxman Muthiya was recently awarded a massive $30,000 prize (approximately Rs 20.64 lakh) for spotting a major bug in Instagram's security features. That's because the bug would have allowed him to gain access to any Instagram account, without needing access to a person's device or even having to trick them into clicking a phishing link or downloading a malicious app.