In a move that has sent waves through the cybersecurity world, Apple Inc. has unveiled a massive update to its Security Bounty Program, increasing the top reward to a staggering Rs16.6 crore ($2 million) for discovering critical security vulnerabilities. The updated policy, effective November 2025, underscores Apple’s commitment to fortifying its devices and software ecosystem against evolving digital threats.
A Game-Changer for Ethical Hackers
Apple’s Vice President of Security Engineering, Ivan Krstić, revealed that over 800 researchers have already been rewarded more than ₹290 crore ($35 million) collectively through the program. The new payout structure, however, represents a major leap — potentially turning bug hunting into a multi-crore opportunity for cybersecurity professionals.
The highest reward of ₹16.6 crore will go to researchers who uncover “exploit chains” capable of remotely compromising iPhones, iPads, or Macs without any user interaction — such as sophisticated zero-click spyware or network-level exploits.
Tiered Rewards for Different Exploits
Apple’s revised bounty system introduces multiple categories with attractive incentives:
◆Single-click user exploits: Up to Rs8.3 crore ($1 million)
◆Proximity-based attacks (Bluetooth, Wi-Fi, etc.): Up to Rs8.3 crore ($1 million)
◆Physical access vulnerabilities: Up to Rs4.1 crore ($500,000)
Additionally, vulnerabilities in Safari’s web engine or the macOS sandbox security layer now qualify for payouts up to Rs2.5 crore ($300,000) — further expanding Apple’s defensive reach.
Breaking Beta Barriers: Rewards Beyond Rs41 Crore
Apple has introduced special incentives for researchers testing its beta software versions. Those who discover bugs in iOS Beta or macOS Beta builds, or successfully bypass the Safari Lockdown Mode, could see rewards soar beyond ₹41 crore ($5 million) — the highest ever offered by any consumer tech company.
Fighting State-Sponsored Cyber Threats
Apple highlighted that most major iOS and macOS breaches in recent years stemmed from mercenary spyware developed by state-backed actors. To combat these risks, the company continues enhancing Lockdown Mode, Memory Integrity Enforcement, and the Rapid Security Response System.
According to Krstić, “Our goal isn’t just to find bugs — it’s to celebrate and reward the expertise that keeps billions of devices safe.”
A Golden Era for Cybersecurity Talent
This move positions Apple as one of the most rewarding companies for ethical hackers and cybersecurity researchers. It also emphasizes the global shift towards valuing white-hat hacking — professionals who protect users by exposing system flaws responsibly.
As cyberattacks grow more sophisticated, Apple’s new bounty structure not only raises the bar for security standards but also opens the door to life-changing rewards for skilled researchers. In the digital age, hacking ethically could be the next million-dollar career path.
