Let's "Break" iPhones: Apple Announces Record Payouts for iOS Security Researchers

The company has decided to outplay the black market for exploits using its own methods—with large sums of money.

Apple has significantly expanded its bounty program for vulnerabilities related to the security of the iOS ecosystem. At the Hexacon offensive security conference in Paris, Ivan Krstić, Apple's Vice President of Architecture and Security Engineering, announced a maximum bounty of $2 million for a vulnerability chain that can be used for espionage purposes.
Furthermore, if such an exploit chain can bypass the additional Lockdown Mode protection or is discovered in a system beta version, the total bonus can reach up to $5 million. The new rules come into effect next month.
This decision reflects the company's concern about the growth of the commercial spyware market and its aim to cut off the path to exploitation at the point where critical weaknesses are discovered. Apple emphasizes that it particularly values findings that replicate the logic of real-world attacks, and is willing to pay large sums precisely for such investments of time and effort.
According to Krstić, the company has already paid out half a million dollars for individual findings, and in total since 2020, when the program was opened to all researchers, it has awarded over $35 million to more than 800 researchers.
In addition to increasing rewards, the company has expanded the list of vulnerability types eligible for the program. It now includes one-click attacks through the WebKit browser infrastructure and methods based on the use of radio channels in close proximity to the device.
A new Target Flags category has also been added—essentially integrating elements of CTF competitions into real-world testing of Apple products. This allows for demonstrating the effectiveness of exploits quickly and clearly, increasing the transparency of the process.
Beyond creating incentives for vulnerability hunters, Apple is investing in the long-term protection of its products at the architectural level. In September, the company introduced the Memory Integrity Enforcement mechanism, built into the iPhone 17 lineup. It is designed to block the most frequently exploited class of bugs in iOS and is aimed primarily at protecting vulnerable groups, including political activists, journalists, and human rights defenders.
Apple emphasizes that even if most users never encounter spyware threats, the work to protect the most vulnerable groups strengthens the security of the entire ecosystem. The company frames this as a matter of moral responsibility, especially given the constant abuse of such technologies, which is regularly reported by both IT companies and human rights organizations.