Apple Launches $2 Million Bug Bounty Program Targeting State-Sponsored Exploits
CUPERTINO, CALIFORNIA – October 8, 2025 – Apple today announced a groundbreaking bug bounty program offering rewards of up to $2 million for vulnerabilities discovered in its products that demonstrate “zero-click” exploits used for targeted spyware attacks. The program, significantly increasing Apple’s previous maximum bounty of $1.5 million, aims to bolster security against sophisticated threats posed by nation-state actors and mercenary spyware companies.
The initiative represents Apple’s most substantial investment yet in proactive security research, acknowledging the escalating danger of highly advanced cyberattacks. Unlike traditional bug bounties focused on crashes or data leaks, this program specifically targets exploits that require no user interaction – meaning attackers can gain access to devices and data without the victim clicking a link or opening a malicious file. This type of exploit is often referred to as a “zero-click” attack and is considered the most perilous.
“We are constantly working to strengthen the security of our products, and this new program is a critical part of that effort,” said a statement released by Apple. “By incentivizing security researchers to find and report these vulnerabilities, we can proactively address them and protect our users from the most sophisticated attacks.”
The program will focus on vulnerabilities in iPhone, iPad, and Mac operating systems. Apple will evaluate submissions based on factors including exploit complexity, potential impact, and the quality of the report. Researchers are encouraged to submit detailed reports through Apple’s Security Research website.
This move comes amid growing concerns about the proliferation of spyware like Pegasus, developed by NSO Group, and similar tools used for surveillance. Apple has previously taken legal action against NSO Group, and has implemented security features like Lockdown Mode to protect users at high risk of targeted attacks. The expanded bug bounty program is a further step in Apple’s ongoing commitment to user privacy and security in the face of increasingly sophisticated threats.