Apple Revamps Bug Bounty Program, Now Offers Up to $2 Million Rewards
Apple revamps its bug bounty program with rewards up to $2M and bonuses pushing payouts beyond $5M, the biggest in tech security history.
Key Takeaways:
- Apple doubles bug bounty rewards to $2 million: Security researchers can now earn up to $2 million for discovering exploit chains resembling advanced spyware attacks, with extra bonuses pushing totals beyond $5 million.
- Focus shifts to full exploit chains: Apple now prioritizes reports showing complete attack sequences rather than isolated bugs, mirroring how real-world spyware breaches unfold.
- New “Target Flags” speed up payouts: Borrowing from CS:GO’s Capture the Flag, this system lets researchers instantly confirm successful exploits and get faster rewards without waiting for patch cycles.
- Expanded scope and higher rewards from November 2025: New categories such as WebKit sandbox escapes and wireless exploits will qualify for payouts reaching $1 million each.
- Over $35 million paid to researchers since 2020: Apple’s latest update cements its bug bounty as one of the most lucrative in tech, rewarding over 800 researchers globally.
As always, Apple is taking its security game up a notch. The Cupertino tech giant has announced that it is doubling its top bug bounty reward to $2 million for exploit chains that match the sophistication of mercenary spyware attacks.
There's more: the company will award bonuses for Lockdown Mode bypasses and for vulnerabilities found in beta software, pushing potential total payouts to over $5 million. Apple says this is the largest bounty offered by any security program.
Focus Shifts to Exploit Chains
While Apple previously rewarded isolated bugs, the company will now place more emphasis on complete exploit chains, because real-world attackers typically combine multiple vulnerabilities to gain deeper access.
Besides this change, rewards for remote-entry vectors have been substantially increased. On the other hand, categories that are less likely to be exploited in real attacks will see lower payouts.
Target Flags Bring Faster Payouts
Have you ever played CS:GO’s “Capture the flag” mode? Apple is taking inspiration from it and is introducing Target Flags. Now, whenever a researcher successfully exploits a vulnerability, they can capture a specific flag that indicates the level of access achieved, such as code execution or arbitrary read/write access to system memory.
Once Apple verifies the flag, the bounty amount is immediately confirmed and the payment is released in the next payout cycle. This departs from the previous model, in which researchers often had to wait months for a fix before receiving payment.
Expanded Categories and Bigger Rewards
The overhauled program, launching in November 2025, adds new categories and increases payouts:
- One-click WebKit sandbox escapes: Up to $300,000
- Wireless proximity exploits (any radio): Up to $1 million
- Complete Gatekeeper bypass on macOS: $100,000
Apple’s Bug Bounty Payouts So Far
Since launching the public bounty program in 2020, Apple has paid over $35 million to more than 800 researchers. You can check updated program details on the Apple Security Research website.


