Overview
- Apple set a new $2 million maximum for zero-click exploit chains, with bonuses for Lockdown Mode bypasses and beta findings that can push total awards above $5 million.
- Reward ceilings rose across key vectors, including up to $1 million for one-click and wireless proximity exploits, $500,000 for physical access and app sandbox escapes, $300,000 for one-click WebKit sandbox escapes, $1 million for broad unauthorized iCloud access, and $100,000 for a complete Gatekeeper bypass.
- New Target Flags let researchers capture in-system proof of capabilities like code execution or arbitrary read/write, enabling immediate award notification and payment in the next cycle before a public fix ships.
- Apple says the only system-level iOS attacks it has observed in the wild are linked to mercenary spyware, and it will donate 1,000 iPhone 17 devices to civil-society groups and expand its Security Research Device Program in 2026.
- The updated rules take effect in November 2025, when Apple will publish the full category matrix; submissions will be awarded under whichever framework pays more, and the company reports paying over $35 million to more than 800 researchers since 2020.