Apple increases bug bounty payouts for zero-click RCE vulnerabilities

2 unique sources, 2 articles

Summary

Apple has expanded and redesigned its bug bounty program, doubling maximum payouts and adding new research categories. The highest reward is now $2 million for zero-click remote code execution (RCE) vulnerabilities, with a bonus system that can exceed $5 million. The program now includes higher payouts for various types of vulnerabilities, including one-click remote attacks, wireless proximity attacks, and unauthorized iCloud access. Apple also plans to distribute secured iPhone 17 devices to civil society organizations and researchers in 2026. The changes aim to incentivize the discovery and reporting of sophisticated security issues, particularly those exploited by mercenary spyware. The program has awarded $35 million to 800 security researchers since its inception in 2020. The expansion includes a $100,000 reward for a complete Gatekeeper bypass and a $1 million reward for broad unauthorized iCloud access. Apple's latest bug bounty announcement is a response to the growth of commercial spyware activity, with the UK’s National Cyber Security Centre (NCSC) estimating that the commercial cyber intrusion sector doubles every 10 years.

Timeline

  1. 10.10.2025 19:50, 2 articles

    Apple increases bug bounty payouts for zero-click RCE vulnerabilities

    Apple has announced a major expansion and redesign of its bug bounty program, doubling maximum payouts and adding new research categories. The highest reward is now $2 million for zero-click remote code execution (RCE) vulnerabilities. The program now includes higher payouts for various types of vulnerabilities, including one-click remote attacks, wireless proximity attacks, and unauthorized iCloud access. Apple also plans to distribute secured iPhone 17 devices to civil society organizations and researchers in 2026. Apple has paid $35 million to more than 800 security researchers since the launch of the Apple Security Bounty program in 2020. The program includes a bonus system that can more than double the reward, with a maximum payout in excess of $5 million. The bug bounty program now includes a $100,000 reward for a complete Gatekeeper bypass and a $1 million reward for broad unauthorized iCloud access. Apple's latest bug bounty announcement is a response to the growth of commercial spyware activity.

Similar Happenings

Zeroday.Cloud Hacking Competition Announced with $4.5 Million in Prizes

The Zeroday.Cloud hacking competition, announced by Wiz, offers $4.5 million in bug bounties for exploits in widely used cloud software. The event, scheduled for December 10-11 at the Black Hat Europe conference in London, covers six categories: AI, Kubernetes, containers, web servers, databases, and DevOps tools. Participants must submit entries by December 1 and demonstrate exploits live at the event. The competition has faced controversy due to alleged rule copying from Trend Micro's Pwn2Own hacking competition. Wiz has partnered with AWS, Google Cloud, and Microsoft for the event. Google is also in the process of acquiring Wiz for $32 billion. Specific bounties range from $10,000 to $300,000, with detailed conditions and resources provided for each target.