Bug Bounty Raised to $2M+

Apple overhauled its security researcher reward program, raising the ceiling to a base maximum of $2 million (up to $5 million with Lockdown Mode bypass and beta-phase early discovery bonuses). The key design principle is that the largest rewards go to complete, real-world exploit chains: full attack chains capable of remotely compromising an iPhone (zero-click remote exploitation combining multiple vulnerabilities step by step) receive maximum compensation. This structure is designed to redirect advanced hacking techniques away from the zero-day broker market and government/intelligence agency gray markets and into Apple's official reporting channel, outcompeting the illegal/gray market economically.

The program overhaul (announced October 10 on Apple's security blog) rests on three pillars:

1. Ceiling increase and bonus expansion: zero-click remote chains (spyware-grade) pay up to $2M; a Lockdown Mode bypass or early beta discovery adds a bonus that brings the total above $5M.
2. Category expansion: the one-click WebKit sandbox escape ceiling is raised; the wireless proximity category (all radio interfaces) is expanded to up to $1M; a full Gatekeeper bypass pays $100K; broad unauthorized iCloud access pays $1M. Rewards are proportioned to real-world threat severity.
3. Target Flags introduction: researchers who demonstrate register control, arbitrary read/write, or code execution can receive accelerated payment directly after verification, even before patches are released.

Broader context: the commercial spyware market (NSO Group's Pegasus, Intellexa's Predator) operates on the premise that zero-day iOS vulnerabilities are worth millions in gray markets. By paying $2-5M for complete chains through legitimate channels, Apple aims to fundamentally alter the economics of vulnerability discovery, making disclosure to Apple more lucrative than selling to brokers or governments, thereby reducing the supply of weaponized zero-days while improving iOS security.