
Apple has announced its biggest-ever update to its security rewards program. The tech giant will now offer up to $2 million for the most dangerous software exploits, aiming to stay ahead of sophisticated spyware developers.
Record-Breaking Rewards
Apple’s new top payout sets a record for its bug bounty program. Earlier, the highest reward was $1 million, introduced in 2019. Initially, in 2016, the maximum payout was only $200,000.
The new structure also includes several bonuses. Exploits found in Lockdown Mode or during beta testing will qualify for extra rewards. With these bonuses, payouts could reach up to $5 million. The changes will roll out next month.
Apple launched its public bug bounty in 2020. Since then, it has paid over $35 million to more than 800 security researchers. While top prizes are rare, the company has issued multiple $500,000 rewards in recent years.
Expanded Scope for Hackers
Apple is also broadening the types of vulnerabilities it wants researchers to focus on. The updated program now includes WebKit browser infrastructure exploits and wireless proximity attacks, covering any form of radio-based exploit.
Additionally, Apple is launching a new “Target Flags” system. This will let security researchers simulate real-world attack scenarios, similar to capture-the-flag competitions, to better demonstrate exploit potential.
Strengthening Global Security
Apple’s decision comes as its devices grow in number and importance. The company now has over 2.35 billion active devices worldwide. Spyware targeting iOS has become more advanced, often used by mercenary actors to target high-profile individuals.
To boost defenses, Apple has also introduced Memory Integrity Enforcement in the new iPhone 17 series. This technology aims to block a commonly exploited class of bugs. In parallel, Apple will donate 1,000 iPhone 17 units to organizations that protect journalists, activists, and other high-risk groups.
Apple’s Head of Security Engineering, Ivan Krstić, emphasized that the company wants to reward the hardest exploit discoveries generously. He said Apple feels a “moral obligation” to defend vulnerable users, noting that improvements in high-end security protect everyone in the long run.
Apple’s expanded bug bounty marks a major step in the industry’s fight against advanced cyber threats. By incentivizing researchers with record payouts, the company is sending a clear message: defending users at every level is a top priority.