Slashdot
Follow
Apple Doubles Its Biggest Bug Bounty Reward To $2 Million
Apple is significantly increasing its Security Bounty program rewards starting in November. The top award for discovering sophisticated, user-interaction-free exploit chains, similar to mercenary spyware, has doubled to $2 million. Even higher payouts exceeding $5 million are possible for highly critical vulnerabilities like beta software bugs or Lockdown Mode bypasses. Discovering exploit chains that require a single user click will now be rewarded with up to $1 million, a substantial increase from $250,000. Similarly, the maximum reward for attacks needing physical proximity to devices has also doubled to $1 million. The bounty for attacks requiring physical access to locked devices has also been doubled to $500,000. Researchers can earn up to $300,000 for successfully chaining WebContent code execution with a sandbox escape. These enhancements aim to incentivize the discovery of severe security flaws. The updated program reflects Apple's commitment to strengthening device security. The program's new reward structure is among the highest in the tech industry.