Title: Apple boosts security bounty to $2M, targets spyware threats
Apple has unveiled what it calls a “major evolution” of its Security Bounty program, significantly increasing rewards for researchers who identify vulnerabilities in its ecosystem. The company revealed it has already distributed over $35 million to more than 800 security researchers through the initiative.
The tech giant is doubling its maximum payout to $2 million for what it describes as “exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks.” Apple claims this represents “an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of.”
The enhanced program includes a bonus system that could more than double the top reward, potentially reaching over $5 million for Lockdown Mode bypasses and vulnerabilities discovered in beta software. According to recent coverage, Apple is also substantially increasing rewards across multiple categories.
Expanded bounty categories include:
- $100,000 for complete Gatekeeper bypasses
- $1 million for broad unauthorized iCloud access
- Up to $300,000 for one-click WebKit sandbox escapes
- Up to $1 million for wireless proximity exploits over any radio
Apple is introducing “Target Flags,” described as a new method for researchers to objectively demonstrate exploitability for top bounty categories including remote code execution and Transparency, Consent, and Control (TCC) bypasses. Researchers submitting reports with Target Flags will qualify for accelerated awards processed immediately after verification, even before fixes become available.
In a parallel initiative, Apple announced it will provide a thousand iPhone 17 devices with Memory Integrity Enforcement to civil society organizations serving at-risk users. The company believes this represents “the most significant upgrade to memory safety in the history of consumer operating systems” and aims to rapidly deploy these advanced protections to individuals potentially targeted by mercenary spyware.
These comprehensive updates to the Apple Security Bounty program are scheduled to take effect in November 2025, when the company will publish complete details of new and expanded categories, rewards, and bonus structures on its official security research portal.
