| Developers: | Apple |
| Branches: | Information security |
2025: Reduced rewards for white-hat hackers
In mid-December 2025, information security experts began reporting that Apple had significantly reduced the rewards it pays for vulnerabilities found in macOS and other products. The rewards are paid through the Apple Security Bounty program, under which white-hat hackers receive money in exchange for information about flaws they find in the software.
Both individual researchers and teams can participate in the Apple Security Bounty program. There are some restrictions, however: participants must be at least 18 years old, and Apple employees and their next of kin are not eligible. Rewards range from a few thousand to millions of dollars, depending on the severity of the problem. Special bonuses are offered for bypassing security features and for finding vulnerabilities in beta versions. The program motivates the world's best specialists to find and report the most difficult problems before attackers exploit them.
In October 2025, Apple updated the Apple Security Bounty program and significantly increased payments for critical vulnerabilities: the reward for exploit chains can reach $2 million. With bonuses included, the potential maximum reward theoretically exceeds $5 million.
However, information security specialist Csaba Fitzl said that in practice the rewards have decreased in many cases. The maximum payment for a TCC (Transparency, Consent, and Control) bypass fell from $30,000 to $5,000, and for a sandbox escape from $10,000 to $5,000. For certain TCC categories, payments were reduced from $5,000-$10,000 to $1,000. Fitzl believes that in this situation many white-hat hackers may have no desire to report vulnerabilities to Apple.[1]
