Apple raises the stakes with record-breaking bug bounty rewards
Starting this November, Apple is revamping its Security Bounty program to offer some of the largest rewards ever seen in the cybersecurity world. The program rewards security researchers who responsibly report vulnerabilities across Apple’s operating systems, devices, and services.
Apple has doubled its top reward from $1 million to $2 million for discovering exploit chains capable of achieving the same goals as advanced mercenary spyware attacks – the kind that require no user interaction.
But that’s not all. The maximum payout can now exceed $5 million for discovering even more critical vulnerabilities, such as bugs in beta software or bypasses in Lockdown Mode – Apple’s upgraded security feature designed to protect users from sophisticated attacks, especially in Safari.
The payouts for other types of discoveries are also seeing a major bump:
- Exploit chains requiring one-click user interaction can now earn up to $1 million (previously $250,000).
- Attacks requiring physical proximity to a device can now earn up to $1 million, also up from $250,000.
- Attacks requiring physical access to a locked device can now get up to $500,000, double the previous limit.
- Researchers who chain WebContent code execution with a sandbox escape can earn up to $300,000.


A preview of how Apple is increasing rewards for five key attack vectors. | Image credit – Apple
The only system-level iOS attacks we observe in the wild come from mercenary spyware — extremely sophisticated exploit chains, historically associated with state actors, that cost millions of dollars to develop and are used against a very small number of targeted individuals. While Lockdown Mode and Memory Integrity Enforcement make such attacks drastically more expensive and difficult to develop, we recognize that the most advanced adversaries will continue to evolve their techniques.
– Apple, October 10, 2025
Vulnerabilities discovered using these dedicated research devices will get priority review and bonus rewards under the bounty program.
Apple opens the door for advanced iOS research
Apple has always marketed the iPhone as one of the most secure smartphones out there – and updates like this only reinforce that image. By offering record-breaking rewards, Apple is not just fixing bugs faster; it’s motivating top security experts and developers around the world to help make its ecosystem even more secure.
This collaboration between Apple and the research community is a win for everyone: researchers get rewarded for their expertise, and users get better protection.
More rewards, more research, more protection for users
By dramatically increasing payouts, Apple is pushing the boundaries of how seriously tech companies take cybersecurity. The Apple Security Bounty isn’t just about catching small bugs – it’s about encouraging researchers to dig into the most critical and complex vulnerabilities across its platforms.
It’s a strong message: Apple wants the world’s best minds testing its systems – and it’s willing to pay generously for it.

