Apple is raising the stakes for security researchers by offering up to $2 million for discovering zero-click exploit chains.
Quick Summary – TLDR:
- Apple has doubled its top bug bounty payout to $2 million for zero-click exploits.
- Bonus rewards can push the total payout over $5 million.
- The program adds new reward categories and a Target Flag system for faster payouts.
- This move aims to attract high-end security research and combat sophisticated spyware threats.
What Happened?
Apple has announced a major overhaul of its Security Bounty program. Starting November 2025, the top reward will be $2 million for remote, zero-click exploit chains, with bonuses that can push that figure above $5 million. The updated program adds more reward categories, raises rewards across the board, and introduces Target Flags, a standardized way for researchers to demonstrate impact so that Apple can validate reports and pay out faster.
❗️ Apple has doubled its Apple Security Bounty.
You can get $2 million now.
This is the largest payout offered by any bounty program.
— International Cyber Digest (@IntCyberDigest) October 10, 2025
Apple Raises the Bar for Security Research
The tech giant is significantly expanding the scope of its Apple Security Bounty program, which originally launched in 2020. Over the past five years, Apple has paid out more than $35 million to over 800 researchers, and the largest individual awards actually paid out so far have been $500,000. The new $2 million ceiling is therefore a massive leap in both value and scope.
The highlight of the revised program is the $2 million reward for zero-click remote exploits, the kind of attack that requires no user interaction. Apple is also offering bonus payouts for researchers who find vulnerabilities in Lockdown Mode or within beta software. These bonuses can more than double the reward, bringing the total potential payout to over $5 million, the highest publicly known bug bounty in the tech industry.
New Categories and Increased Rewards
Apple’s revamp introduces or increases rewards across many attack vectors, including:
- Wireless proximity attacks: $1 million
- Broad unauthorized iCloud access: $1 million
- WebKit exploit chain with sandbox escape: $300,000
- Complete Gatekeeper bypass (macOS): $100,000
- App sandbox escape: $500,000
- Physical device access exploits: $500,000
- One-click remote attacks: $1 million
- Unsigned code execution with entitlements: $1 million
Even lower-impact valid reports will now receive an “encouragement award” of $1,000, making the program more inclusive for beginner researchers.
Target Flags for Faster, Verified Rewards
A major innovation in the program is the introduction of Target Flags. These are built-in system markers that let researchers demonstrate the severity of an exploit in a standardized, objectively verifiable way: rather than arguing about impact in a write-up, the researcher shows that the exploit captured a specific flag. Because a captured flag proves a specific capability, Apple can verify the exploit quickly and award the bounty before the vulnerability is even patched. The flags also tell researchers up front what reward tier a given capability maps to, so they know what a finding is likely to earn before they submit it.
Target Flags are available across Apple's platforms, including iOS, macOS, watchOS, and visionOS, and cover multiple security areas such as remote code execution and Transparency, Consent, and Control (TCC) bypasses.
Big Tech Meets Big Threats
Apple’s move responds to the growing sophistication of mercenary spyware vendors, who typically chain together multiple vulnerabilities to breach high-value targets. Such attacks are rare and narrowly targeted, but they are highly advanced, and Apple says its own Lockdown Mode and Memory Integrity Enforcement have made them even harder to execute.
Despite these protections, Apple admits the most advanced adversaries will keep evolving, so it’s adapting by encouraging more high-level research on its most critical systems. The updated program strongly favors real-world, demonstrated exploits over theoretical ones.
Special Push for Civil Society Protections
Looking ahead to 2026, Apple is also launching a civil society initiative, working with partner organizations to distribute 1,000 iPhone 17 devices with Memory Integrity Enforcement to at-risk groups such as journalists and activists. Apple also plans to add the iPhone 17 to its Security Research Device Program, which loans qualified researchers specially configured devices so they can test Apple’s security features more freely than on a standard phone.
SQ Magazine Takeaway
I love seeing Apple step up like this. When a company throws $2 million on the table just for finding a bug, it’s not just about tech, it’s about trust. They know spyware isn’t going away, and instead of just playing defense, they’re giving ethical hackers real incentive to get ahead of the bad guys. What stands out most is the transparency. With Target Flags and detailed reward categories, researchers now know exactly what Apple wants and how to deliver. This isn’t just a payout, it’s a strategy. And honestly, it’s one that sets a new bar for the rest of the industry.