Many tech companies offer bug bounty programs for their products, motivating ethical hackers to find security flaws and report them privately to the vendor in return for a monetary award. Microsoft, Apple, Google, Meta, and others run such programs at considerable scale. Now Apple is changing the playing field, offering rewards bigger than any other program.
In an update to its Apple Security Bounty program, the Cupertino firm has announced that it is doubling its top reward to $2 million, the tier reserved for very sophisticated mercenary-type attacks that don't require user interaction. This reward can rise further, to $5 million, if the report is combined with other bonuses such as a Lockdown Mode bypass. Similarly, a $1 million bonus is offered for "broad unauthorized access" to iCloud, something that has never been demonstrated before.
In addition, Apple is adding more reward categories as well as "target flags" that speed up payouts, since they allow a report to be evaluated quickly against concrete criteria.
The new maximums, which take effect in November 2025, are listed below:
| Type of attack | Current maximum | New maximum |
|---|---|---|
| Zero-click chain: remote attack with no user interaction | $1M | $2M |
| One-click chain: remote attack with one click of user interaction | $250K | $1M |
| Wireless proximity attack: attack requiring physical proximity to the device | $250K | $1M |
| Physical device access: attack requiring physical access to a locked device | $250K | $500K |
| App sandbox escape: attack from the app sandbox to an SPTM bypass | $150K | $500K |
There are other changes in store too, such as a $100,000 reward for a macOS Gatekeeper bypass and a $1,000 bounty for low-impact reports. Since the launch of the Apple Security Bounty program in 2020, the tech giant has paid over $35 million to more than 800 security researchers. The company hopes that the higher payouts and additional attack-surface categories will encourage more white hat hackers to find flaws in its products that it can promptly fix.