Apple Raises Bug Bounty Rewards to $2 Million to Combat Sophisticated Exploits

Apple has announced a significant increase in its bug bounty program rewards, aiming to incentivize security researchers to uncover critical vulnerabilities within its ecosystem. During the Hexacon offensive security conference in Paris, Ivan Krstić, Vice President of Security Engineering and Architecture at Apple, revealed that the maximum payout for discovering a complex chain of software exploits that could be abused for spyware will now reach $2 million.

This escalation underscores the high value Apple places on identifying and mitigating vulnerabilities that could threaten user privacy and security. The new reward structure not only offers a top prize for particularly dangerous exploit chains but also incorporates a bonus system. Researchers can earn additional payments if their discoveries bypass Apple’s advanced security measures, such as Lockdown Mode, or are found during the beta testing phase of Apple software. When combined, the potential maximum payout for a particularly severe exploit could now total up to $5 million.

The changes take effect next month and reflect Apple’s commitment to proactive security measures. As threats become increasingly sophisticated, especially those associated with mercenary spyware (malicious software used for targeted surveillance), the company is eager to motivate security experts to disclose vulnerabilities before malicious actors can exploit them.

Krstić emphasized the importance of rewarding researchers who dedicate considerable effort to uncovering these hard-to-find, high-impact vulnerabilities. “We are lining up to pay many millions of dollars here, and there’s a reason,” he told WIRED. “We want to ensure that for the most complex and damaging problems, the researchers with the skills and perseverance to find these exploits are appropriately compensated.”

Apple’s bug bounty program continues to evolve as part of its broader strategy to maintain the integrity of its secure environment, emphasizing collaboration with the security community to stay ahead of emerging threats. For detailed guidelines and participation criteria, interested researchers can consult the official Apple Security Bounty Program webpage.

Ethan Cole

I'm Ethan Cole, a tech journalist with a passion for uncovering the stories behind innovation. I write about emerging technologies, startups, and the digital trends shaping our future.