In its latest bug bounty program, Apple is offering as much as $2 million, or approximately ₹17.7 crore, for identifying "exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks", also known as a zero-click hack. This represents the highest tier of the bounty. Apple is also offering rewards for finding bugs in Lockdown Mode, focusing on issues that bypass its protections. For this, Apple offers a maximum payout of $2 million. The company also provides a maximum bounty of $1.5 million for beta software issues.

“This is an unprecedented amount in the industry and the largest payout offered by any bounty program we’re aware of — and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” Apple said.

Apple has stated that updates to its bug bounty programme will take effect in November 2025. The company will publish a complete list of new and expanded categories, rewards, and bonuses on the Apple Security Research site, along with instructions.

What are Bug Bounty programs?

Bug bounties are a major initiative by top tech brands like Apple, Google, and others to identify potential loopholes in their services that could be exploited and affect their customers. To address this, these brands offer large sums of money to researchers who can find such vulnerabilities so they can be patched.