Core Points

- Apple has significantly increased its security bounty program, with the maximum base reward now reaching $2 million, making it the highest known bounty program in the industry [3][9]
- The program aims to attract top researchers capable of identifying complex vulnerabilities that could pose significant threats, particularly exploit chains of the kind used by commercial surveillance software (mercenary spyware) [8][9]
- Since its inception nearly a decade ago, Apple has paid over $35 million to more than 800 researchers [7]

Summary by Sections

Security Bounty Program Upgrade

- Apple has doubled the maximum base reward to $2 million for discovering critical vulnerabilities, reflecting its commitment to enhancing security [3][9]
- Additional bonuses are available for vulnerabilities that bypass Lockdown Mode and for vulnerabilities found in beta software, potentially raising the total reward to $5 million [9]

Increased Reward Categories

- Apple has raised the reward amounts for several vulnerability categories, encouraging research in key technical areas [10]
- Specific rewards include $100,000 for bypassing Gatekeeper and $1 million for unauthorized iCloud access [10]
- New categories have been added, such as $300,000 for a WebKit sandbox escape and $1 million for wireless proximity attacks [10]

Target Flags Initiative

- Apple introduced Target Flags, which let researchers objectively demonstrate the exploitability of top bounty categories, and which can expedite reward processing [11][12]
- Researchers submitting reports with Target Flags will be eligible for accelerated rewards, even before fixes are released [12]

Additional Security Measures

- In 2022, Apple established a $10 million cybersecurity fund to support civil society organizations investigating targeted surveillance software attacks [13]
- With the launch of the iPhone 17, Apple introduced a memory integrity protection feature to increase resistance to common memory-safety vulnerabilities [13]
- Apple plans to provide 1,000 iPhone 17 devices to high-risk groups potentially targeted by commercial surveillance software [13]

Implementation Timeline

- The updated bounty program will take effect in November 2025, with detailed information on the new categories and reward criteria to be published on the Apple Security Research website [13]
Find an iPhone vulnerability and Cook will pay you $2 million