Apple offers $2 million for zero-click exploit chains


Apple bug bounty program’s categories are expanding and rewards are rising, and zero-click exploit chains may now earn researchers up to $2 million.

“Our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million,” Apple noted.

The top rewards in all categories will apply only for issues affecting the company’s latest publicly available software and hardware, i.e., the ones with the most advance security protections.

Something for everybody

Since the introduction of Apple’s bounty program, the company has introduced security defenses like Lockdown Mode, an upgraded security architecture in the Safari browser, and Memory Integrity Enforcement.

And while these make system-level iOS attacks more expensive and difficult to develop, Apple knows that the mercenary spyware industry and other advanced adversaries are continually evolving and adapting their attack techniques.

The company is apparently also mindful that the effort (and time) required to find new avenues of attack is considerable and should be adequately rewarded.

Thus, the maximum rewards for certain categories of exploits and attacks has doubled or even quadrupled:

Increased rewards for five key attack vectors (Source: Apple)

Other notable maximum rewards:

  • Full Gatekeeper bypass with no user interaction: $100,000
  • Exploit chaining WebKit’s WebContent code execution with a sandbox escape: $300,000
  • Exploit chaining WebKit’s WebContent code execution + sandbox escape + unsigned code execution with arbitrary entitlements: $1 million
  • Broad unauthorized iCloud access: $1 million
  • Wireless proximity exploit over all radio interfaces in Apple’s latest devices: $1 million

The final amount of the reward depends on the demonstrated outcome, and even individual chain components will be eligible for (smaller) rewards. Apple is also introducing Target Flags, a new way for researchers to clearly show that certain security issues can actually be exploited.

Budding bug hunters who are just starting to probe Apple’s platforms and find low impact issues outside of Apple Security Bounty categories will also start getting a small reward: $1,000.

“These updates will go into effect in November 2025. At that time, we will publish the complete list of new and expanded categories, rewards, and bonuses on the Apple Security Research site, along with detailed instructions for taking advantage of Target Flags, updated program guidelines, and much more,” the company concluded.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!



Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.