
Bigger payouts for top security flaws: Apple is updating its Security Bounty program this November, doubling the top reward from $1 million to $2 million for discovering complex exploit chains that work like advanced spyware attacks and don’t require any user interaction. Some critical vulnerabilities could even earn over $5 million, including bugs in beta software and bypasses of Lockdown Mode in Safari.
Rewards for user-interaction exploits increased: Researchers who find exploits requiring just one click from the user can now earn up to $1 million, a big jump from the previous $250,000. Similarly, attacks that need physical proximity to a device can earn $1 million, and attacks requiring physical access to locked devices now get up to $500,000.
Sandbox escape and web exploits recognized: Apple is also offering up to $300,000 for researchers who demonstrate chaining WebContent code execution with a sandbox escape, highlighting the company’s focus on protecting critical system layers.
Apple’s track record: According to Ivan Krstić, Apple’s VP of security engineering, the company has paid over $35 million to more than 800 security researchers since launching the program. While top payouts are rare, multiple researchers have earned $500,000 or more for discovering significant vulnerabilities.
Fighting mercenary spyware and advanced attacks: Apple says the only system-level iOS attacks seen in the wild came from mercenary spyware, often linked to state actors targeting specific individuals. Its security features like Lockdown Mode and Memory Integrity Enforcement make these attacks harder to pull off. With the bounty updates, Apple hopes to encourage more advanced research on its toughest attack surfaces, keeping ahead of evolving threats.