Apple Introduces $2M Bug Bounty for Spyware-Level Exploits

Apple has announced a major overhaul of its bug bounty program that doubles the top reward to $2 million for exploit chains that can match the sophistication of mercenary spyware attacks.

With bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software, Apple says its total payouts could exceed $5 million. The company claims this represents "the largest payout offered by any bounty program."

The program now places greater emphasis on complete exploit chains rather than individual vulnerabilities, reflecting the reality that real-world attacks typically chain multiple bugs together. The rewards for remote-entry vectors have also been substantially increased, although categories not commonly seen in actual attacks will receive lower payouts.

As part of the overhaul, Apple is introducing "Target Flags," which are inspired by capture-the-flag games. When a researcher successfully exploits a vulnerability, they can capture a specific flag that proves exactly what level of access they achieved, such as code execution or arbitrary read/write capabilities.

These flags can be verified by Apple, so researchers who submit reports using them can receive notification of their bounty award immediately after Apple validates the captured flag. The payment is also issued in an upcoming payment cycle, meaning researchers won't have to wait until Apple releases a software fix, which can take months. Previously, researchers often had to wait for Apple to patch a vulnerability before receiving payment.

The updated program comes into effect from November 2025. Apple is also expanding categories to include one-click WebKit sandbox escapes worth up to $300,000 and wireless proximity exploits over any radio worth up to $1 million. A complete Gatekeeper bypass on macOS now earns $100,000.

More information on the changes can be found on Apple's Security Research website. Apple says it has paid out over $35 million to more than 800 researchers since launching the public program in 2020.

Top Rated Comments

neuropsychguy
17 weeks ago
This is a great program and these updates make it much more enticing to people to find exploits. It's good to see Apple's focus on improving security.
Score: 20 Votes
tyranne201
17 weeks ago
iOS 26 is the biggest exploit. award me now.
Score: 19 Votes
Macusercom
17 weeks ago
Great program, worst execution. There have been so many exploits that have been disclosed, and those who find them do not get even remotely what Apple promises them. This is the reason many exploits remain hidden and get sold to higher bidders.
Score: 16 Votes
Apple-achian
17 weeks ago
This is why I trust Apple with my personal data.
Score: 14 Votes
Mac Fly (film)
17 weeks ago

This is why I trust Apple with my personal data.
| Company | Program Name | Max Reward (USD) | Notes |
|---|---|---|---|
| Apple | Apple Security Bounty | $2,000,000 | For zero-click spyware exploit chains (effective Nov 2025); previously $1M. |
| Google | Vulnerability Reward Program | $1,500,000 | For full-chain zero-click RCE in Android; up to $3.1M for Chrome sandbox escapes. |
| Microsoft | Microsoft Bounty Programs | $250,000 | For critical RCE in Hyper-V or Azure; varies by product (e.g., $100K+ for Edge). |
| Meta | Meta Bug Bounty | $300,000 | For mobile RCE exploits; focuses on privacy/compromise in apps like Facebook/Instagram. |
| Intel | Intel Bug Bounty | $100,000 | For critical hardware RCE; lower for software-only issues. |

Honestly I trust none of them. Fully, no way.
Score: 12 Votes
WarmWinterHat
17 weeks ago

Can you give some examples of those?
https://9to5mac.com/2025/07/31/apple-security-bounties-pay-up-to-2m-but-it-only-paid-1k-for-a-critical-bug/
Score: 10 Votes