Apple offers $2m bug bounty for vulnerabilities in new anti-spyware tech

Latest feature will protect against targeted attacks

Apple has launched a security bug bounty for its new Lockdown Mode feature, which aims to give users heightened protection against spyware attacks.

Lockdown Mode, which will ship with iOS 16, iPadOS 16, and macOS Ventura, is “an extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”.

The feature is designed to thwart targeted attacks from the growing number of private companies developing mercenary spyware for nation-states around the world.

Announcing the news on July 6, Apple said Lockdown Mode will be available to users this fall.

Bug bounty offerings

Apple also revealed it has established a new category within the Apple Security Bounty program to reward researchers who find Lockdown Mode bypasses and help improve its protections.

Bounties are doubled for qualifying findings in Lockdown Mode, up to a maximum of $2 million — one of the highest maximum bug bounty payouts in the industry.

Some of the optional protections on offer through Lockdown Mode include blocking attachments other than images and disabling link previews in messages.

It’s also possible to disable web technologies such as just-in-time (JIT) JavaScript compilation for untrusted websites, along with blocking communication requests, including FaceTime calls, if the user has not previously sent the initiator a call or request.