Find a Bug, Earn a Fortune: Apple Offers ₹16.6 Crore for Critical Flaws

Apple Offering Up to ₹16.6 Crore Reward! Bug Discovery Could Turn into a Multi-Crore Opportunity

The420 Correspondent

New Delhi, October 14, 2025: Tech giant Apple has announced a major update to its Security Bounty Program, significantly increasing the rewards for security researchers. Under the new policy, anyone who identifies critical vulnerabilities in Apple’s software could earn up to ₹16.6 crore ($2 million). The updated program will take effect from November 2025, aiming to further strengthen the security of Apple devices and software.

The New Bounty Structure

Apple’s VP of Security Engineering, Ivan Krstić, stated that over 800 researchers have already received more than ₹290 crore ($35 million) in total rewards. While earning ₹16.6 crore ($2 million) is challenging, many researchers have previously earned ₹4 crore ($500,000) or more for significant findings.

According to Apple, researchers who uncover “exploit chains” capable of compromising devices like iPhones or Macs without any user interaction — such as spyware attacks or network-level exploits — could receive up to ₹16.6 crore ($2 million) in rewards.

Earning Up to ₹8.3 Crore

The updated bounty program also provides substantial rewards for less complex attacks:

  • Researchers who identify single-click user exploits can now earn up to ₹8.3 crore ($1 million).
  • Proximity-based attacks, which require being physically near the device, are also eligible for ₹8.3 crore ($1 million) rewards.
  • Bugs requiring physical access to the device will earn up to ₹4.1 crore ($500,000).

Web and Sandbox Attacks: Up to ₹2.5 Crore

Apple has expanded its bounty program to include vulnerabilities in the Safari browser and the operating system’s sandbox security layer. Researchers who exploit these layers through web code execution can earn up to ₹2.5 crore ($300,000).

Additionally, if a researcher finds a critical bug in beta software (iOS Beta or macOS Beta) or bypasses Safari’s Lockdown Mode, the reward can exceed ₹41 crore ($5 million).

Strengthening Advanced Security

Apple noted that most system-level attacks on iOS and macOS in recent years have been linked to “mercenary spyware”, often sponsored by state actors. To counter such threats, Apple continues to enhance its security features, including Lockdown Mode, Memory Integrity Enforcement, and the Rapid Security Response System.

A Golden Opportunity for Researchers

Apple expects the updated bounty program to incentivize global cybersecurity researchers and ethical hackers to discover more sophisticated vulnerabilities. The company believes this initiative will not only improve device security for iPhone and Mac users but also elevate the profile of ethical hacking in the cybersecurity community.

Ivan Krstić emphasized, “Our goal is not just to find bugs, but to recognize and reward the expertise that keeps our products secure.”

This initiative sends a clear message to the tech industry: while digital security risks are inevitable, there are immense opportunities for skilled and ethical researchers to make a tangible impact — and potentially earn multi-crore rewards in the process.
