iGeeksBlog logo

    Apple Revamps Bug Bounty Program, Now Offers Up to $2 Million Rewards

    VikhyatVikhyat·

    Apple revamps its bug bounty program with rewards up to $2M and bonuses pushing payouts beyond $5M, the biggest in tech security history.

    Add us on
    Apple Revamps Bug Bounty Program
    Key Takeaways:
    • Apple doubles bug bounty rewards to $2 million: Security researchers can now earn up to $2 million for discovering exploit chains resembling advanced spyware attacks, with extra bonuses pushing totals beyond $5 million.
    • Focus shifts to full exploit chains: Apple now prioritizes reports showing complete attack sequences rather than isolated bugs, mirroring how real-world spyware breaches unfold.
    • New “Target Flags” speed up payouts: Borrowing from CS:GO’s Capture the Flag, this system lets researchers instantly confirm successful exploits and get faster rewards without waiting for patch cycles.
    • Expanded scope and higher rewards from November 2025: New categories such as WebKit sandbox escapes and wireless exploits will qualify for payouts reaching $1 million each.
    • Over $35 million paid to researchers since 2020: Apple’s latest update cements its bug bounty as one of the most lucrative in tech, rewarding over 800 researchers globally.

    As always, Apple is taking its security game up a notch. The Cupertino tech giant has announced that it is doubling its bug bounty program reward, a massive $2 million for exploit chains that match the sophistication of mercenary spyware attacks.

    There’s more to this: The company will reward bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software, pushing potential total payouts to over $5 million. Apple says this is the largest bounty offered by any security program.

    Focus Shifts to Exploit Chains

    While Apple previously rewarded isolated bugs, the company will now place more emphasis on complete exploit chains. This is because most real-world cyber attackers typically combine multiple vulnerabilities to gain deeper access.

    Besides this change, rewards for remote-entry vectors have been substantially increased. On the other hand, categories that are less likely to be exploited in real attacks will see lower payouts.

    Target Flags Bring Faster Payouts

    Have you ever played CS:GO’s “Capture the flag” mode? Apple is taking inspiration from it and is introducing Target Flags. Now, whenever a researcher successfully exploits a vulnerability, they can capture a specific flag that indicates the level of access achieved, such as code execution or arbitrary read/write access to system memory.

    Once Apple verifies the flag, the bounty amount is immediately confirmed, and the payment is released in the next payout cycle, departing from the previous model where researchers often had to wait months for a fix before receiving payment.

    Expanded Categories and Bigger Rewards

    The overhauled program, launching in November 2025, adds new categories and increases payouts:

    • One-click WebKit sandbox escapes: Up to $300,000
    • Wireless proximity exploits (any radio): Up to $1 million
    • Complete Gatekeeper bypass on macOS: $100,000

    Apple’s Bug Bounty Payouts So Far

    Since launching the public bounty program in 2020, Apple has paid over $35 million to more than 800 researchers. You can check updated program details on the Apple Security Research website.

    What do you think about Apple’s new $2 million top reward? Let us know in the comments.

    Add as a preferred source on Google
    Vikhyat

    Written by

    Vikhyat

    Vikhyat has a bachelor's degree in Electronic and Communication Engineering and over five years of writing experience. His passion for technology and Apple products led him to the tech writing space, where he specializes in writing App features, How-to guides, and troubleshooting guides for fellow Apple users. When not typing away on his MacBook Pro, he loves exploring the real world.

    View all posts →

    More from News