As announced in August, Apple has now announced the opening of its invite-only bug bounty program to all security researchers.

Apple has now announced the opening of its invite-only bug bounty program to all security researchers. The tech giant will pay white hat hackers that will report security flaws in the iOS, macOS , watchOS , tvOS , iPadOS , and iCloud .

In August, at the Blackhat cybersecurity conference, Apple announced a few major changes to its bug bounty program including the opening to any researcher.

The most striking change is related to the payout for the rewards, the

maximum reward passed from $200,000 to $1 million. This is the biggest payout for a bug bounty program operated by a tech company.

Apple will pay up to $1 million rewards for a zero-click kernel code execution vulnerability zero user clicks, that could be exploited by an attacker to take over a device.

On top of the maximum reward of $1 million, the tech giant announced it will also offer a supplementary bonus of 50% to those experts who report security issues in beta version software before its public release.

Until now the Apple’s bug bounty program only rewarded researchers that reported vulnerabilities in the iOS mobile operating system.

Now live!



🔺The new Apple Security Bounty! https://t.co/T4A2vTGSnM



🔺The new Apple Platform Security guide, featuring Mac for the first time!https://t.co/76qglenmif



(PDF version: https://t.co/8F4kb8izgD)



🔺My Black Hat 2019 talk: https://t.co/bqs6A3VAQ8



Happy holidays! 🎄 — Ivan Krstić (@radian) December 20, 2019

Apple’s decision to extend the bug bounty program and increase the rewards is very important. Let’s consider that since now the best way to earn money for a bug hunter was to sell the exploits to zero-day broker firms like Zerodium. These companies historically offered greater rewards for working zero-day exploits for popular software like iOS and the Tor Browser.

Pierluigi Paganini