Apple today announced a sweeping update to its public Security Bounty program, dramatically increasing rewards, expanding covered vulnerability types, and introducing a new “Target Flags” system designed to speed up validation and payment.
The changes, which take effect in November 2025, position the program as one of the most generous in the industry.
Since opening its bounty program publicly in 2020, Apple says it has awarded more than US$ 35 million to over 800 security researchers. In many cases, individual reports have earned rewards of up to US$ 500,000.
Under the revised scheme, the top base reward for a full exploit chain now doubles to US$ 2 million. With additional bonuses—for example, for bypassing Lockdown Mode or for discoveries made in beta software—the maximum payout could exceed US$ 5 million.
Other reward increases include:
- One-click remote exploits now eligible for up to US$ 1 million (was $250,000)
- Wireless proximity attacks now capped at US$ 1 million
- App sandbox escape (from an app to more privileged context) increased to US$ 500,000 (from $150,000)
- Physical-device access exploits (locked device) eligible for up to US$ 500,000 (from $250,000)
In areas where no successful exploit has yet been demonstrated, Apple is also offering new rewards: US$ 100,000 for a complete Gatekeeper bypass on macOS, and US$ 1 million for broad unauthorized access to iCloud.
Expanded coverage and a focus on exploit chains
Apple is reshaping its priorities to reward complete exploit chains more heavily than individual components, reasoning that real-world attacks often link together multiple vulnerabilities. Vulnerabilities that are not part of a chain remain eligible, but earn correspondingly smaller rewards.
The program also expands coverage to new categories. Notably, one-click WebKit sandbox escapes can merit up to US$ 300,000, and if chained further to reach arbitrary unsigned code execution, they may qualify for US$ 1 million.
Apple is also broadening its “Wireless Proximity” category to cover all radio interfaces, not just Bluetooth or NFC, on its latest devices.
Target Flags for faster validation
A central new element is the Target Flags system, which allows researchers to capture programmatically verifiable “flags” demonstrating specific exploit capabilities—such as arbitrary code execution, register control, or read/write access. Because Apple can verify flags automatically, researchers submitting reports with valid flags may receive accelerated awards—often before a software fix is publicly available.
Target Flags support will span all Apple platforms, including iOS, macOS, tvOS, watchOS, visionOS, and iPadOS.
Beyond the base payouts, Apple continues to offer bonus rewards for exceptional research. Submissions made during developer or public betas will qualify for higher bonuses, giving Apple a chance to address vulnerabilities before public release. There are also extra rewards for components that bypass Lockdown Mode protections.
To encourage reporting by newer researchers, Apple is formalizing a baseline reward of US$ 1,000 for lower-impact vulnerabilities, even those outside the main categories.
In conjunction with the bounty changes, Apple is also expanding its Security Research Device (SRD) program. Starting in 2026, SRD participants will gain access to iPhone 17 devices with the latest security enhancements such as Memory Integrity Enforcement, with all vulnerabilities discovered via the SRD eligible for priority bounty evaluation.
Further, Apple intends to donate 1,000 iPhone 17 units to civil society organizations that assist high-risk users, allowing those organizations to put strong security protections in the hands of people at risk of targeted spyware.
With these changes, Apple is pushing the boundaries of its security incentives, aiming to match rewards to the sophistication of real-world attacks. The November 2025 rollout will reveal full category details, guidelines for using Target Flags, and the final reward tables.
Until then, Apple says it will evaluate new submissions under both its existing framework and the new one, awarding whichever yields a higher payout.