Apple has announced a major overhaul of its bug bounty program that doubles the top reward to $2 million for exploit chains that can match the sophistication of mercenary spyware attacks.
With bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software, Apple says its total payouts could exceed $5 million. The company claims this represents "the largest payout offered by any bounty program."
The program now places greater emphasis on complete exploit chains rather than individual vulnerabilities, reflecting the reality that real-world attacks typically chain multiple bugs together. The rewards for remote-entry vectors have also been substantially increased, although categories not commonly seen in actual attacks will receive lower payouts.
As part of the overhaul, Apple is introducing "Target Flags," which are inspired by capture-the-flag games. When a researcher successfully exploits a vulnerability, they can capture a specific flag that proves exactly what level of access they achieved, such as code execution or arbitrary read/write capabilities.
These flags can be verified by Apple, so researchers who submit reports using them can receive notification of their bounty award immediately after Apple validates the captured flag. The payment is also issued in an upcoming payment cycle, meaning researchers won't have have to wait until Apple releases a software fix, which can take months. Previously, researchers often had to wait for Apple to patch a vulnerability before receiving payment.
The updated program comes into effect from November 2025. Apple is also expanding categories to include one-click WebKit sandbox escapes worth up to $300,000 and wireless proximity exploits over any radio worth up to $1 million. A complete Gatekeeper bypass on macOS now earns $100,000.
More information on the changes can be found on Apple's Security Research website. Apple says it has paid out over $35 million to more than 800 researchers since launching the public program in 2020.
