Nearly a decade after the inception of its bug bounty program, Apple has raised the stakes once more in its ongoing battle against software vulnerabilities.

During his presentation at the Hexacon offensive security conference in Paris on Friday, Ivan Krstić, Apple's vice president of security engineering and architecture, unveiled an increase in the maximum payout to $2 million.

This reward targets chains of software exploits that pose risks, especially concerning spyware.

This move underscores Apple's recognition of the critical value exploitable vulnerabilities hold within its tightly secured ecosystem. To keep these discoveries from reaching malicious entities, Apple not only offers individual payouts but also pays bonuses for exploits that can circumvent its extra-secure Lockdown Mode or are identified during beta testing phases. The cumulative potential award for discovering a catastrophic exploit chain now peaks at $5 million, with these changes rolling out next month.

"We are prepared to allocate millions here, and there's a compelling reason," Krstić expressed. "Our aim is to ensure that researchers who tackle the most challenging issues, the ones that mirror attacks orchestrated by mercenary spyware, are generously rewarded for their skills and dedication."

There are over 2.35 billion active Apple devices worldwide. The company's bug bounty was initially reserved for select researchers when launched but expanded to public participation in 2020. Since then, Apple reports disbursing more than $35 million to over 800 security experts globally. While substantial payouts remain rare, several half-million-dollar awards have been distributed recently.