Apple Bug Bounty

Apple’s bug bounty program is a proactive way for the company to find and fix vulnerabilities in its products and services. The program offers a wide range of rewards to bounty hunters who find and report bugs.

Program Overview

Launched: 2016

Status: Active

Platform: Self-hosted

Website: https://security.apple.com/bounty/

Payouts

Minimum Reward: $500

Maximum Reward: $2,000,000

Average Payout: $40,000

Total Payouts: $20 million

Scope

Products

  • Device attack via physical access
    • Lock Screen bypass
    • User data extraction
  • Device attack via user-installed app
    • Unauthorized access to sensitive data
    • Elevation of privilege
  • Network attack with user interaction
    • One-click unauthorized access to sensitive data
    • One-click with elevation of privilege
  • Network attack without user interaction
    • Zero-click radio to kernel with physical proximity
    • Zero-click unauthorized access to sensitive data
    • Zero-click kernel code execution with persistence and kernel PAC bypass
  • Beta Software: Issues that are unique to newly added features or code in developer and public beta releases, including regressions
  • Lockdown Mode: Issues that bypass the specific protections of Lockdown Mode

Services

  • iCloud
    • Unauthorized access to iCloud account data on Apple servers
  • Remote Code Execution
    • Command injection, deserialization bugs, XXE leading to RCE
  • Logic flaw bugs leaking or bypassing significant security controls
    • Direct object reference, remote user impersonation, account takeover, privilege escalation, IDOR, directory traversal, HTTP request smuggling, proxy misconfiguration leading to bypass of security controls
  • Unrestricted file system or database access
    • Unsandboxed XXE, SQL injection
  • Code execution on the client/server
    • Stored/DOM/Blind XSS, CSRF, SSR, HTML injection (more than phishing) or having write access authorization when prohibited
  • Confidential or sensitive data
    • Generalized access control issues leading to exposure of PII
  • Domain and subdomain takeovers
    • DNS zone, domain, and subdomain takeovers

Frequently Asked Questions

Does Apple have a bug bounty program?

Yes, Apple has a bug bounty program! You can find more information on how to submit security research and the variable compensation opportunities they provide at https://security.apple.com/bounty/.

How much does Apple pay for a security vulnerability?

It depends on the vulnerability. Apple has several different bug bounty payouts and bonuses available. Payouts range from $500 to a maximum bounty of $2 million. On average, successful reports in the product category receive a payout of $40,000.

How do I report a bug to Apple?

If you believe you have identified a security vulnerability in one of Apple’s products or services, you should visit Apple’s Bug Bounty Program. You will need to either create an Apple ID or sign in to an existing account to submit an official report. For non-security-related bugs, refer to Apple’s Bug Reporting Docs.