Particle.news

Apple Overhauls Security Bounty, Lifts Top Reward to $2 Million

The revamp targets mercenary spyware–style exploit chains with verifiable proof of impact.

Overview

  • Base awards for zero-click remote compromise double to $2 million, with bonuses for Lockdown Mode bypasses and beta discoveries pushing potential payouts above $5 million.
  • Apple raises ceilings across categories, including up to $1 million for one-click or wireless proximity exploits, $500,000 for physical-access or sandbox escapes, and $300,000 for chained WebKit code execution with a sandbox escape.
  • New Target Flags let researchers capture objective proof of exploit capabilities, enabling immediate award decisions once Apple validates the submitted flag.
  • Confirmed awards will be paid in the next payment cycle after validation, and the updated program rules take effect in November 2025.
  • Apple reports paying more than $35 million to over 800 researchers since 2020 and will donate 1,000 iPhone 17 devices to civil-society groups that protect high-risk users.