Apple Launches $2 Million Bug Bounty Program Targeting State-Sponsored Exploits
CUPERTINO, CALIFORNIA – October 8, 2025 – Apple today announced a groundbreaking bug bounty program offering rewards of up to $2 million for vulnerabilities discovered in its products that demonstrate “zero-click” exploits used for targeted spyware attacks. The program, significantly increasing Apple’s previous maximum bounty of $1.5 million, aims to bolster security against sophisticated threats posed by nation-state actors and mercenary spyware companies.
The initiative represents Apple’s most significant investment yet in proactive security research, acknowledging the escalating danger of highly advanced cyberattacks. Unlike traditional bug bounties focused on crashes or data leaks, this program specifically targets exploits that require no user interaction – meaning attackers can gain access to devices and data without the victim clicking a link or opening a malicious file. This type of exploit is often referred to as a “zero-click” attack and is considered the most dangerous.
“We are constantly working to strengthen the security of our products, and this new program is a critical part of that effort,” said a statement released by Apple. “By incentivizing security researchers to find and report these vulnerabilities, we can proactively address them and protect our users from the most sophisticated attacks.”
The program will focus on vulnerabilities in iPhone, iPad, and Mac operating systems. Apple will evaluate submissions based on factors including exploit complexity, potential impact, and the quality of the report. Researchers are encouraged to submit detailed reports through Apple’s Security Research website.
This move comes amid growing concerns about the proliferation of spyware like Pegasus, developed by NSO Group, and similar tools used for surveillance. Apple has previously taken legal action against NSO Group and has implemented security features like Lockdown Mode to protect users at high risk of targeted attacks. The expanded bug bounty program is a further step in Apple’s ongoing commitment to user privacy and security in the face of increasingly sophisticated threats.