July 4, 2026

Apple Introduces $2M Bug Bounty for Spyware-Level Exploits

Tim Hardwick | usagoldmines.com

Apple has announced a major overhaul of its bug bounty program that doubles the top reward to $2 million for exploit chains that can match the sophistication of mercenary spyware attacks.



With bonuses for Lockdown Mode bypasses and vulnerabilities found in beta software, Apple says its total payouts could exceed $5 million. The company claims this represents “the largest payout offered by any bounty program.”

The program now places greater emphasis on complete exploit chains rather than individual vulnerabilities, reflecting the reality that real-world attacks typically chain multiple bugs together. The rewards for remote-entry vectors have also been substantially increased, although categories not commonly seen in actual attacks will receive lower payouts.

As part of the overhaul, Apple is introducing “Target Flags,” which are inspired by capture-the-flag games. When a researcher successfully exploits a vulnerability, they can capture a specific flag that proves exactly what level of access they achieved, such as code execution or arbitrary read/write capabilities.

These flags can be verified by Apple, so researchers who submit reports using them can receive notification of their bounty award immediately after Apple validates the captured flag. The payment is also issued in an upcoming payment cycle, meaning researchers won’t have to wait until Apple releases a software fix, which can take months. Previously, researchers often had to wait for Apple to patch a vulnerability before receiving payment.

The updated program comes into effect from November 2025. Apple is also expanding categories to include one-click WebKit sandbox escapes worth up to $300,000 and wireless proximity exploits over any radio worth up to $1 million. A complete Gatekeeper bypass on macOS now earns $100,000.

More information on the changes can be found on Apple’s Security Research website. Apple says it has paid out over $35 million to more than 800 researchers since launching the public program in 2020.

This article, “Apple Introduces $2M Bug Bounty for Spyware-Level Exploits” first appeared on MacRumors.com


This article is written by: Nermeen Nabil Khear Abdelmalak
