Apple Doubles Down on Bug Bounty Program with $2 Million Maximum Payout
At the Hexacon offensive security conference in Paris on Friday, Apple announced a significant increase to its bug bounty program, doubling the maximum payout for discovering major exploits from $1 million to $2 million. The move reflects the company's commitment to protecting its highly secure mobile environment and preventing vulnerabilities from falling into malicious hands.
According to Ivan Krstić, Apple's vice president of security engineering and architecture, the new maximum payout is a response to the growing value of exploitable vulnerabilities in the digital landscape. "We recognize that the potential consequences of a chain of software exploits can be catastrophic," Krstić said. "By increasing our bug bounty program, we're incentivizing researchers and developers to help us identify and fix these issues before they can be abused."
The updated bug bounty program includes a bonus structure for discovering exploits that can bypass Apple's extra-secure Lockdown Mode, as well as for those found while the company's software is still in its beta testing phase. These bonuses add $3 million to the maximum award, bringing the total to $5 million.
Since launching its bug bounty program nearly a decade ago, Apple has consistently demonstrated its commitment to security and transparency. The new payout structure reflects the company's willingness to invest in its security infrastructure and collaborate with external experts to identify and address vulnerabilities.
The implications of this move are significant, as it sets a new standard for companies in the tech industry. By offering such a substantial reward, Apple is sending a clear message that it values the contributions of researchers and developers who help keep its ecosystem secure.
As the digital landscape continues to evolve, companies like Apple must remain vigilant in protecting their users from emerging threats. The updated bug bounty program is a testament to Apple's dedication to this mission and its willingness to adapt to the changing security landscape.
The changes take effect immediately, and Apple has invited researchers and developers to submit their findings through the company's bug bounty portal. With the new maximum payout in place, it remains to be seen how many vulnerabilities will be discovered and addressed as a result of this increased incentive.
*Reporting by Ars Technica.*