Apple Doubles Top Bug Bounty to $2M in Spyware Arms Race

New Tab News Team
October 15, 2025
Industry News

Apple overhauls its bug bounty program, doubling the top reward for zero-click exploits to $2 million in an effort to combat mercenary spyware.

Credit: Outlever

In a major escalation against mercenary spyware, Apple is overhauling its bug bounty program, doubling its top reward for zero-click exploits to $2 million, with potential payouts topping $5 million. The company announced the changes at the Hexacon security conference in Paris, as reported by Wired.

  • A pricey deterrent: The move is a direct response to the growing threat from state-sponsored malware used to target high-profile individuals like journalists and dissidents. Apple says these are the only system-level iOS attacks it sees in the wild, and the higher payouts are designed to keep critical vulnerability research out of the hands of bad actors.

  • Upping the ante: The updated system, launching in November, features higher payouts across the board, with rewards for "one-click" remote attacks jumping to $1 million from $250,000. Apple is also offering $100,000 for a complete Gatekeeper bypass and $1 million for gaining unauthorized access to iCloud data, a vulnerability it says no one has successfully exploited to date. Since 2020, the company has paid over $35 million to researchers.

  • Capture the flag, get the cash: To improve its relationship with the research community, Apple is introducing "Target Flags," a system that allows hackers to objectively prove their exploits and get paid faster. The company will also donate one thousand iPhone 17s, which feature its new Memory Integrity Enforcement, to civil society groups that protect at-risk individuals.

Apple is putting its money where its mouth is, making a clear calculation that paying millions to white-hat hackers is cheaper than the damage a sophisticated spyware campaign can do to its reputation and user trust.

  • Also on our radar: Even as Apple shores up its current software, rumors are already swirling about the iPhone 18 Pro's potential new features. Looking further ahead, the company is also seeking researchers for a separate program focused on the security of its 2026 iPhone hardware.
