Apple has significantly increased its bug bounty rewards, now offering up to $2 million for zero-click remote code execution (RCE) vulnerabilities. This move aims to incentivize security researchers to discover and responsibly disclose critical flaws in Apple products, particularly those that require no user interaction to exploit. Zero-click RCE vulnerabilities are among the most dangerous as they allow attackers to execute arbitrary code remotely without any action from the victim, posing severe risks to user privacy and device security.

Apple’s enhanced bounty program reflects the company’s commitment to strengthening its security posture amid rising cyber threats. The program targets vulnerabilities in iOS, macOS, watchOS, and other Apple platforms, encouraging researchers to focus on high-impact bugs. This initiative not only helps Apple improve its defenses but also fosters a collaborative security community. Researchers who identify qualifying vulnerabilities can receive rewards ranging from $100,000 to $2 million, depending on the exploit's complexity and impact.

Apple’s move aligns with industry trends where tech giants are boosting incentives to combat increasingly sophisticated cyberattacks. The increased bounty underscores the critical nature of zero-click exploits and the importance of proactive vulnerability management. Overall, Apple’s enhanced bug bounty program is a strategic step to safeguard its ecosystem and protect millions of users worldwide from advanced cyber threats.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 10 Oct 2025 16:55:23 +0000