Apple has announced a major update to its Security Bounty Program, significantly raising rewards for researchers who identify vulnerabilities in its software. Under the new policy, effective November 2025, anyone who discovers critical security flaws could earn up to ₹16.6 crore ($2 million).
Apple’s VP of Security Engineering, Ivan Krstić, noted that over 800 researchers have already received more than ₹290 crore ($35 million) in total rewards. While earning the top ₹16.6 crore ($2 million) is rare, many researchers have previously earned ₹4 crore ($500,000) or more for important discoveries.
Researchers who uncover “exploit chains” capable of compromising devices like iPhones or Macs without user interaction — including spyware or network-level attacks — are eligible for the highest reward.
Substantial rewards are also available for less complex vulnerabilities:
- Single-click user exploits: up to ₹8.3 crore ($1 million)
- Proximity-based attacks requiring physical presence near the device: up to ₹8.3 crore ($1 million)
- Bugs requiring physical access to the device: up to ₹4.1 crore ($500,000)
The program now also covers vulnerabilities in Safari and the operating system’s sandbox security layer, with web code exploits earning up to ₹2.5 crore ($300,000). Researchers who discover critical bugs in beta software (iOS Beta or macOS Beta) or bypass Safari’s Lockdown Mode could receive rewards exceeding ₹41 crore ($5 million).
Apple highlighted that many system-level attacks in recent years were linked to “mercenary spyware” often backed by state actors. To counter such threats, the company continues to strengthen security features like Lockdown Mode, Memory Integrity Enforcement, and the Rapid Security Response System.
Krstić emphasized, “Our goal is not just to find bugs, but to recognize and reward the expertise that keeps our products secure.”
With this updated bounty program, Apple aims to motivate ethical hackers worldwide to discover sophisticated vulnerabilities, enhancing device security for millions of iPhone and Mac users while rewarding top talent with multi-crore payouts.