Apple Doubles Top Security Bounty to $2 Million to Combat Mercenary Spyware

Apple has announced a major expansion of its Security Bounty program, introducing the industry’s highest rewards and new research categories designed to target the most sophisticated digital threats. The company has doubled its top payout to $2 million for exploit chains that replicate real-world mercenary spyware attacks.

According to Apple, the updated program reflects the company’s increasingly secure ecosystem, where developing a working exploit has become significantly more difficult and costly. With additional bonuses for bypassing Lockdown Mode or identifying vulnerabilities in beta software, the maximum potential reward can exceed $5 million.

Expanded Reward Categories

Apple is also increasing payouts across multiple areas of security research:

  • $100,000 for a complete Gatekeeper bypass requiring no user interaction.

  • Up to $1 million for achieving broad unauthorized access to iCloud data.

  • Up to $300,000 for one-click WebKit sandbox escapes.

  • Up to $1 million for wireless proximity exploits affecting devices using Apple’s in-house C1X modem and N1 wireless chip.

Introducing “Target Flags”

To streamline verification, Apple is launching Target Flags, a new system inspired by capture-the-flag competitions. These built-in operating system markers allow researchers to prove exploit success objectively, enabling faster award processing—even before a software fix is released.

Encouraging New Researchers

In addition to large payouts, Apple is creating an entry point for new contributors with $1,000 rewards for low-impact issues. The company said it aims to make vulnerability research more accessible to individuals beginning in the security field.

Strengthening Civil Society Security

As part of its broader security initiative, Apple will distribute 1,000 iPhone 17 devices to civil society organizations, giving at-risk users access to the latest protections. The 2026 Security Research Device Program will also feature the iPhone 17, with applications open through October 31, 2025.

Implementation Timeline

The updated bounty program will take effect in November 2025, when Apple will publish a comprehensive list of new categories, rewards, and bonuses for researchers worldwide.
