Jun 27, 2026
Staff Reporter | PNN:
Apple’s Vice President of Security Engineering and Architecture, Ivan Krstic, announced at the Hexacon Conference in Paris that the maximum reward for identifying a malicious software exploit chain used in spyware has been set at $2 million.
Additionally, with extra bonuses included for Lockdown Mode bypasses or exploits discovered in beta software, the maximum reward can now reach $5 million. Apple stated that there are over 2.35 billion active devices worldwide. Since opening the program to the public in 2020, Apple has paid more than $35 million to over 800 security researchers.
Krstic also mentioned that the new bug bounty categories include WebKit browser exploits and wireless proximity exploits. Moreover, a new feature called “Target Flags” will allow real-world testing similar to hacking competitions.
The main goal of Apple’s initiative is to reduce dangerous security vulnerabilities and prevent their misuse. The new iPhone 17 includes Memory Integrity Enforcement to enhance protection for the most at-risk users, and this month Apple will donate 1,000 iPhone 17 units to human rights organizations.
Krstic stated, “While the vast majority of users will never be directly targeted, this effort will increase security for everyone.”