Particle.news

Apple Doubles Top Security Bounty to $2 Million, Unveils Target Flags for Faster Awards

Apple says the richer, faster-verified rewards are meant to steer high‑end research toward defending against mercenary spyware.

Overview

  • The top award for a zero‑click exploit chain now rises to $2 million, with bonuses that can push a single report above $5 million for Lockdown Mode bypasses or bugs in beta software.
  • Apple introduced Target Flags to provide verifiable proof of impact, enabling automated validation and awards paid in the next payment cycle rather than after a public patch.
  • Maximums across key vectors increased, including up to $1 million for one‑click remote exploits and wireless‑proximity attacks, $500,000 for locked‑device physical access, and $500,000 for an app sandbox escape.
  • New or expanded categories include up to $300,000 for chaining WebKit code execution with a sandbox escape and $1 million for broad unauthorized iCloud access, with $100,000 for a full Gatekeeper bypass on macOS.
  • The overhaul takes effect in November 2025, and Apple will donate 1,000 iPhone 17 devices to civil‑society groups as part of efforts to counter mercenary spyware.