Apple will now pay hackers up to $200,000 to identify vulnerabilities in its products.
The tech titan—a long-time holdout in the bug bounty arena—announced its new program during this week's Black Hat event in Las Vegas.
For the first time in four years, Apple's head of security engineering and architecture Ivan Krstic took the conference stage on Thursday to talk about security features of HomeKit, AutoUnlock, and iCloud Keychain. As TechCrunch pointed out, the public appearance is "somewhat unusual" for the secretive company.
The biggest surprise, though, was Krstic's bug bounty announcement.
According to Rich Mogull, CEO of security research firm Securosis, Cupertino boasts one of the highest payouts in the business, but only for a handful of selected researchers.
Compensation ranges from $25,000 for a sandbox break to $200,000 for a secure boot hardware exploit, Mogull wrote in a blog post. The program covers five issues, all on iOS or iCloud.
Historically, Apple has shied away from bug bounties, citing high bids from the government and black markets. And while $200,000 is a good payday, it's pennies compared to the $1 million the FBI allegedly paid to break into the iPhone used by San Bernardino shooter Syed Farook.
Now, the iDevice maker—famously protective of its products and consumers—is taking new safety precautions. Applauding this move, Mogull said Apple didn't need a bug bounty, "but can certainly benefit from one."
"This won't motivate the masses or those with ulterior motives, but it will reward researchers interested in putting in the extremely difficult work to discover and work through engineering some of the really scary classes of exploitable vulnerabilities," he said.
Apple did not immediately respond to PCMag's request for comment.
This isn't the first time finding an iOS exploit could help pay the rent: In the past, third parties like Zerodium have paid security researchers upwards of $1 million to uncover Apple vulnerabilities.
In June, Cupertino moved to an unencrypted kernel in iOS 10, allowing enthusiasts and security researchers to look inside, while also increasing device security.