By including its other operating systems, Apple is extending the bug bounty program that it first launched for iOS in 2016. Researchers who discover security flaws that affect platforms other than iOS are eligible to receive payouts as large as $200,000. That is the same price Apple initially offered as a maximum reward for its iOS program. The company boosted that payout to $1 million today, only for iOS flaws that allow an attacker to gain full access to an iPhone or iPad without any physical interaction with the device. The company also added a $500,000 tier reward for security shortcomings that allow hackers to access user data.
Extending its bug bounty program to all of its platforms is a long time coming for Apple, and perhaps motivated by people withholding disclosure of bugs because of the lack of incentive. Earlier this year, a security researcher revealed that he discovered a flaw in macOS that could expose user passwords but refused to provide details to Apple because of the lack of a bounty program for the operating system.