Fancy making millions hacking Apple? iPhone maker now offers huge bug bounty worth up to $2m
Date:
Mon, 13 Oct 2025 18:10:00 +0000
Description:
Zero-click flaws are usually leveraged by state-sponsored actors against high-profile targets.
FULL STORY ======================================================================Apple now offers $2 million for zero-click RCE flaws in its devices Zero-click attacks require no user interaction and are often used in cyber-espionage Revamped bug bounty program includes new categories, bonuses, and payouts up to $5 million
If you want to earn a cool $2 million, all you need to do is discover a zero-click remote code execution (RCE) vulnerability in an Apple device.
Yes, it is as difficult as it sounds, which is why Apple doubled the bounty for zero-click flaws, for which it previously offered up to $1 million in rewards.
Security researchers can also earn a million dollars for finding one-click remote attacks, wireless proximity attacks, broad unauthorized iCloud access flaws, and WebKit exploit chains leading to unsigned arbitrary code
execution. "Unprecedented" amount
The upgraded rewards come as part of Apple's new, completely revamped bug bounty program, with new categories, new reward structure, and higher
payouts.
Zero-click vulnerabilities are, as the name suggests, those that can be exploited with zero clicks from the victims side. Usually, running malware on a device requires at least one click from the victim, such as running a program, or granting certain permissions.
Zero-click flaws are infinitely more dangerous, as they can be abused even if the victim is both conscious and security-savvy, and does absolutely nothing to put themselves in harms way.
An example of a zero-click attack would be sending a specially crafted MMS message to the victim which grants the attackers access even if the user doesnt read it. These vulnerabilities are few and far between, and are
usually secretly leveraged by state-sponsored actors engaged in cyber-espionage.
This is an unprecedented amount in the industry and the largest payout
offered by any bounty program were aware of - and our bonus system, providing additional rewards for Lockdown Mode bypasses and vulnerabilities discovered in beta software, can more than double this reward, with a maximum payout in excess of $5 million, Apple said.
Serious money can also be earned by discovering attacks on locked devices
with physical access, app sandbox escape flaws, one-click WebKit sandbox escape flaws, and complete Gatekeeper bypasses - without user interaction.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. You might also like Apple opens up Private Cloud Compute to security researchers, offers bug bounties up to $1 million Take a look at our guide to the best authenticator app We've rounded up the best password managers
======================================================================
Link to news story:
https://www.techradar.com/pro/security/apple-offers-huge-bug-bounty-worth-up-t o-usd2m
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)