Apple Expands Bug Bounty: Zero-Click Exploits Up to $2 Million and More

Apple’s Bug Bounty Expansion: Higher rewards for tougher exploits

Apple is expanding its security bounty program in a move that signals the tech giant’s continued commitment to safeguarding its devices and software. The updated policy increases top payouts, with zero-click exploit chains now eligible for as much as $2 million. The initiative reflects Apple’s recognition of how sophisticated attackers have become and the growing need to attract more researchers to identify and responsibly disclose vulnerabilities.

New and expanded categories

The changes cover several high-risk attack vectors, including zero-click chains that bypass existing protections. Apple notes that the most rewarding payouts will apply to issues affecting the latest publicly available software and hardware—areas where defense mechanisms are strongest. By tying top rewards to the most current products, the company aims to tap into the brightest security researchers who focus on the newest technologies.

Significant boosts across core vectors

Certain categories see dramatic increases in maximum rewards. For example, full Gatekeeper bypass with no user interaction now carries a substantial prize, and exploit chains that combine WebKit WebContent code execution with a sandbox escape can fetch six-figure to seven-figure rewards depending on demonstrated impact. In particular, a chain featuring WebKit WebContent code execution plus sandbox escape plus unsigned code execution with arbitrary entitlements is eligible for up to $1 million, reflecting the high bar for multi-stage exploits.

Other high-value incentives

  • Broad unauthorized iCloud access: up to $1 million
  • Wireless proximity exploits across radio interfaces on latest devices: up to $1 million
  • Zero-click and remote exploits, which succeed without any user interaction, now carry the program's largest payouts

Beyond these top-tier rewards, Apple’s program also grants smaller but meaningful payouts for lower-impact findings, acknowledging the cumulative value of diverse discoveries. A standout addition is the introduction of Target Flags, a tool for researchers to clearly indicate that a vulnerability can be reliably exploited under certain conditions. This feature helps streamline disclosure and ensures researchers’ efforts are properly recognized.

Incentives for researchers at every level

Apple emphasizes that the final payout depends on the demonstrated outcome. Even individual chain components may earn researcher rewards, providing a spectrum of compensation that encourages broader participation. In keeping with this inclusive approach, Apple also offers a grant for researchers who are just starting to probe its platforms: a baseline reward of $1,000 for low-impact issues outside established categories.

Why these changes matter

The expanded bounty program aligns with industry trends toward proactive vulnerability disclosure and coordinated disclosure policies. By offering higher rewards for the most challenging exploits, Apple incentivizes researchers to responsibly report flaws they uncover in cutting-edge security features like Lockdown Mode and the upgraded Safari architecture. The company notes that the updates will help offset the time and effort required to discover new attack methods in a rapidly evolving threat landscape.

Implementation timeline and what researchers should know

The enhancements are slated to take effect in November 2025. Apple plans to publish a full list of new and expanded categories, rewards, and bonuses on the Apple Security Research site, along with updated program guidelines and instructions for using Target Flags. This clarity enables researchers to tailor their testing approach and maximize the impact of their findings while adhering to responsible disclosure practices.

As Apple’s security program evolves, researchers can expect continued support for responsible disclosure and ongoing collaboration to secure the ecosystem around iOS, macOS, watchOS, and Apple hardware. The shift signals that Apple views vulnerability research not only as a critical defense mechanism but also as a professional pathway for security experts seeking substantial, legitimate rewards for impactful discoveries.