Apple has announced a major update to its bug bounty program, offering much bigger rewards and new opportunities for security researchers.
The company has doubled its top payout to 2 million dollars for discovering zero-click vulnerabilities that allow hackers to access a device without any user interaction. With additional bonuses for finding flaws in Lockdown Mode or beta software, the total reward can go above 5 million dollars, making it the highest payout in the tech industry.
Since launching the program in 2020, Apple has paid more than 35 million dollars to around 800 researchers who have helped improve the security of its devices and services. The new system introduces a clearer, more transparent structure that makes it easier to understand how rewards are calculated.
Apple has also added new reward categories, including one-click remote attacks, wireless proximity attacks, and unauthorized iCloud access, each worth up to 1 million dollars. Researchers can also earn rewards for finding issues in app sandboxing, WebKit exploits, or Gatekeeper bypasses on macOS. Even low-impact but valid reports now receive a 1,000-dollar encouragement award to motivate more participation.
To further strengthen user protection, Apple plans to distribute 1,000 specially secured iPhone 17 devices in 2026 to civil society groups and selected researchers through its Security Research Device Program. Applications for the program are open until October 31.
Apple says these improvements aim to attract more ethical hackers and encourage responsible vulnerability reporting instead of selling exploits to spyware vendors. By offering higher payouts and clearer guidelines, the company hopes to make its products even more secure and better protect users from sophisticated cyber threats.





