{"id":7699,"date":"2025-10-16T05:03:35","date_gmt":"2025-10-16T05:03:35","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/10\/16\/apples-bug-bounty-program-html\/"},"modified":"2025-10-16T05:03:35","modified_gmt":"2025-10-16T05:03:35","slug":"apples-bug-bounty-program-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/10\/16\/apples-bug-bounty-program-html\/","title":{"rendered":"Apple\u2019s Bug Bounty Program"},"content":{"rendered":"\n<div>Apple\u2019s Bug Bounty Program<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Apple is now offering a <a href=\"https:\/\/arstechnica.com\/security\/2025\/10\/apple-ups-the-reward-for-finding-major-exploits-to-2-million\/\">$2M<\/a> <a href=\"https:\/\/www.csoonline.com\/article\/4071044\/apple-bumps-rce-bug-bounties-to-2m-to-counter-commercial-spyware-vendors.html\">bounty<\/a> for a zero-click exploit. According to <a href=\"https:\/\/security.apple.com\/blog\/apple-security-bounty-evolved\/\">the Apple website<\/a>:<\/p>\n<blockquote>\n<p>Today we\u2019re announcing the next major chapter for Apple Security Bounty, featuring the industry\u2019s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards.<\/p>\n<ol>\n<li>We\u2019re doubling our top award to $2 million for exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks. This is an unprecedented amount in the industry and the largest payout offered by any bounty program we\u2019re aware of \u00ad and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million. We\u2019re also doubling or significantly increasing rewards in many other categories to encourage more intensive research. This includes $100,000 for a complete Gatekeeper bypass, and $1 million for broad unauthorized iCloud access, as no successful exploit has been demonstrated to date in either category.\n<\/li>\n<li>Our bounty categories are expanding to cover even more attack surfaces. Notably, we\u2019re rewarding one-click WebKit sandbox escapes with up to $300,000, and wireless proximity exploits over any radio with up to $1 million.\n<\/li>\n<li>We\u2019re introducing Target Flags, a new way for researchers to objectively demonstrate exploitability for some of our top bounty categories, including remote code execution and Transparency, Consent, and Control (TCC) bypasses \u00ad and to help determine eligibility for a specific award. Researchers who submit reports with Target Flags will qualify for accelerated awards, which are processed immediately after the research is received and verified, even before a fix becomes available.<\/li>\n<\/ol>\n<\/blockquote>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Bruce Schneier<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/www.schneier.com\/blog\/archives\/2025\/10\/apples-bug-bounty-program.html\">Go to bruce schneier<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Apple\u2019s Bug Bounty Program Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we\u2019re announcing the next major chapter for Apple Security Bounty, featuring the industry\u2019s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrate vulnerabilities and obtain accelerated awards. We\u2019re doubling [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[276,57,1264,253,1,416],"tags":[87],"class_list":["post-7699","post","type-post","status-publish","format-standard","hentry","category-apple","category-bruce-schneier","category-exploits","category-spyware","category-uncategorized","category-vulnerabilities","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7699"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=7699"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/7699\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=7699"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=7699"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=7699"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}