Particle.news

Apple Doubles Top Security Bounty to $2 Million in Spyware-Focused Overhaul

Apple ties bigger rewards to verifiable exploit chains through new Target Flags that speed objective validation.

Overview

  • The base award for zero-click exploit chains that mirror mercenary spyware rises to $2 million, with bonuses for Lockdown Mode bypasses and beta findings pushing potential payouts above $5 million.
  • Expanded tiers include up to $1 million for one-click remote chains and wireless proximity exploits, $500,000 for app sandbox escapes and locked‑device attacks, $1 million for a WebKit chain to unsigned code execution, $100,000 for a complete Gatekeeper bypass, and $1 million for broad unauthorized iCloud access.
  • Target Flags embedded across Apple platforms let researchers prove outcomes like code execution for immediate award decisions, with payments issued in the next cycle rather than after a software fix.
  • The redesigned categories, rewards, and bonus rules take effect in November 2025, with full details to be published on Apple’s Security Research site.
  • Apple reports more than $35 million paid to over 800 researchers since 2020 and will supply 1,000 iPhone 17 units featuring Memory Integrity Enforcement to civil-society groups, with iPhone 17 included in the 2026 Security Research Device Program.