If you find an Apple vulnerability, you could walk away with $2M

Macworld

As our iPhones have gotten more refined, mature, and sophisticated, so too have the attacks seeking to steal the information that’s on them. In response, Apple has announced “the next major chapter” in its Security Bounty program.

Notably, Apple is doubling its top award from $1 million to $2 million, specifically for “exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks.” Apple says it is also “doubling or significantly increasing rewards” in other categories as well, including $100,000 for a complete Gatekeeper bypass and $1 million for broad unauthorized iCloud access, neither of which has ever been exploited.

Additionally, Apple is introducing Target Flags to its Security Bounty program as a new way for researchers to objectively demonstrate exploitability for top bounty categories. Researchers who submit Target Flags reports will be eligible for “accelerated awards,” which are paid out before a fix becomes available.

Target Flags are available for iOS, iPadOS, macOS, visionOS, watchOS, and tvOS, and cover a wide range of areas.

Finally, the 2026 Security Research Device Program now includes all iPhone 17 models with Apple’s latest security advances, including Memory Integrity Enforcement for the A19 and A19 Pro chips, designed to stop memory corruption bugs before they reach the user. The program is available to applicants with proven security research track records on any platform. 

Apple says its latest security program updates will go into effect as of November 1.