Apple has completely revamped its bug bounty program (Apple Security Bounty) to incentivize security researchers. The company announced that it will now offer rewards of up to $2 million to researchers who identify the most complex vulnerabilities. With the inclusion of bonus payments, the total bounty amount could exceed $5 million.
Higher Bounties Possible
With the new system, which will go live in November 2025, Apple is significantly expanding the scope of its bug bounty program. Previously, the maximum bounty amount was $1 million. Under the new system, complex attacks that chain multiple vulnerabilities will earn significantly higher rewards.
The company has included in the bounty not only single vulnerabilities but also real-world exploitation scenarios in which multiple vulnerabilities are combined. Additional bonuses have been awarded for specific vulnerabilities identified in Lockdown Mode, iCloud, and other Apple services. This will allow researchers both to earn larger rewards and to receive faster response times for their reported vulnerabilities.
With the new system, Apple aims to strengthen its ties with the cybersecurity community and encourage researchers to report vulnerabilities directly to the company rather than selling them to malicious individuals or organizations.
The company has paid out millions of dollars through its bug bounty program since 2020. With the new period starting in November, Apple has once again demonstrated its commitment to security by offering the highest bounty amount in the industry.