Apple Bug Bounty Rewards Grow to $2 Million and Beyond

Apple Expands Its Bug Bounty Program With Bigger Rewards

Apple has announced a significant expansion of its Security Bounty program, raising the maximum payouts for researchers and introducing new categories. Zero-click exploit chains that achieve an outcome comparable to a mercenary spyware attack can now earn up to $2 million, and stacking bonuses can push the total for the most severe chains to more than $5 million. The changes are Apple's response to the increasingly sophisticated tooling used by commercial spyware vendors and other well-resourced attackers.

Key Increases and How They Work

The updated reward structure is intended to track the growing complexity and impact of modern exploit chains. While the headline figure is $2 million for top-tier zero-click chains, Apple stresses that the final payout depends on the outcome the researcher demonstrates, not on the bug class alone. Several attack vectors now carry higher maximums, and individual links of a chain (for example, a sandbox escape on its own) can qualify for separate rewards, reflecting the fact that real-world compromises are assembled from multiple bugs.

Among the notable maximum rewards announced were:

  • Complete Gatekeeper bypass with no user interaction: up to $100,000
  • WebKit WebContent code execution chained with a sandbox escape: up to $300,000
  • WebKit WebContent code execution, sandbox escape, and unsigned code execution with arbitrary entitlements: up to $1 million
  • Broad unauthorized access to iCloud user data: up to $1 million
  • Wireless proximity exploit delivered over any radio interface on Apple's latest devices: up to $1 million

In addition, the program introduces Target Flags, a capture-the-flag-style mechanism: a proof of concept that reaches a defined target (such as code execution at a given privilege level or a Transparency, Consent, and Control bypass) objectively demonstrates exploitability without Apple having to reproduce the whole chain by hand. Reports that capture a Target Flag are eligible for accelerated awards once the flag is verified, which lets Apple triage and pay out on complex chains more quickly.

What’s New for Beta Testing and Lockdown Mode

Apple notes that bonuses can more than double the base reward for two kinds of findings: exploits that bypass Lockdown Mode, and vulnerabilities discovered in beta software before it ships. Lockdown Mode, the optional hardened configuration that disables or restricts attack surfaces commonly used by spyware and zero-click attacks, remains a core part of Apple's defense strategy. The company reiterates that the top prizes apply only to vulnerabilities affecting the latest publicly available software and hardware, which carry the most recent mitigations; older releases do not qualify for the maximum amounts.

The expanded rewards align with Apple’s broader security efforts, including enhancements to the Safari security model and Memory Integrity Enforcement. By continually evolving protections and incentivizing researchers to tackle new attack surfaces, Apple aims to deter would-be attackers and accelerate the discovery of critical flaws before they can be exploited in the wild.

Open Invitation to New and Seasoned Researchers

Apple also acknowledges that vulnerability discovery is time-consuming and technically demanding. To broaden participation, the company states that low-impact issues falling outside the published categories will still receive a base reward starting at $1,000, giving newcomers an approachable entry point into the program.

Those who contribute to the program will find more detailed instructions, updated guidelines, and information about how to use Target Flags on the Apple Security Research site when the changes go into effect in November 2025. The expanded categories, rewards, and bonuses underscore Apple’s commitment to a proactive security posture in an era of increasingly capable cyber threats.

What This Means for Researchers and Users

For researchers, the new structure means payouts that more precisely reflect the impact of a complete chain, with separate credit for its components and faster awards for reports that capture a Target Flag. For users, the practical effect is that Apple is paying more to have critical flaws in its current devices and software found and reported before they are used in the wild. The continued emphasis on high-assurance protections such as Lockdown Mode and a hardened browser architecture is meant to raise the cost of attacks and to steer attackers toward less fruitful avenues, while the bounty program feeds remediation of the flaws that are found.