Apple doubles top bug bounty to $2 million, with bonuses pushing maximum payouts to $5 million
Apple is turning up the heat on security research. Since launching the Apple Security Bounty in 2020, the company has awarded $35 million to more than 800 researchers—an average of $43,750 per person. Now, Apple is dramatically raising rewards to attract discoveries that can neutralize the most dangerous threats.
Here are the biggest changes to the Apple Security Bounty program:
– Up to $2,000,000 for exploit chains that achieve similar goals to sophisticated mercenary spyware attacks
– Bonus awards for Lockdown Mode bypasses and vulnerabilities found in beta software that can push total payouts as high as $5,000,000
– $1,000,000 for broad unauthorized iCloud access
– $1,000,000 for wireless proximity exploits over any radio
– Up to $300,000 for one-click WebKit sandbox escapes
– $100,000 for a complete Gatekeeper bypass on macOS, allowing untrusted code to run without triggering Gatekeeper’s checks
The expanded scope and higher payouts reflect where the threat landscape has shifted. Apple notes that system-level iOS compromises today typically come from extremely advanced, high-budget mercenary spyware targeting a very small number of individuals. By incentivizing research at the cutting edge—such as exploit chains, proximity-based attacks, and sandbox escapes—Apple aims to harden its platforms against the most consequential vulnerabilities.
These investments build on years of security enhancements driven in part by the bounty program, including:
– Lockdown Mode, which minimizes attack surface by restricting message attachments, link previews, and certain web features
– A strengthened security architecture for the Safari browser
– Memory Integrity Enforcement in chips such as the A19 to protect against memory corruption vulnerabilities
Why it matters: Bigger bounties mean more eyes on the toughest problems. For researchers, Apple now offers some of the industry’s most lucrative rewards for high-severity findings across iOS, macOS, WebKit, iCloud, and wireless radios. For users, the result is a tighter security posture across devices, better resistance to zero-click and one-click exploits, and stronger safeguards against targeted spyware.
Key terms to know for submissions:
– Exploit chain: Multiple vulnerabilities combined to escalate impact, often used in advanced spyware
– One-click WebKit sandbox escape: A web-driven bug that, with a single user interaction, breaks out of browser sandbox protections
– Gatekeeper bypass: A method to execute untrusted apps on macOS without triggering Apple’s built-in security checks
– Wireless proximity exploit: An attack delivered over nearby radios such as Bluetooth, Wi‑Fi, or NFC without prior pairing or trust
With higher ceilings and expanded categories, Apple’s revamped bounty program is poised to accelerate vulnerability discovery and push critical fixes to users faster than ever.
