As part of Apple’s commitment to security, we reward researchers who share with us critical issues and the techniques used to exploit them. We make it a priority to resolve confirmed issues as quickly as possible in order to best protect customers. Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities.*
In order to be eligible for an Apple Security Bounty, the issue must occur on the latest publicly available versions of iOS, iPadOS, macOS, tvOS, or watchOS with a standard configuration and, where relevant, on the latest publicly available hardware. These eligibility rules are meant to protect customers until an update is available, ensure Apple can quickly verify reports and create necessary updates, and properly reward those doing original research. Researchers must:
Issues that are unknown to Apple and are unique to designated developer betas and public betas, including regressions, can result in a 50% bonus payment. Qualifying issues include:
Bounty payments are determined by the level of access or execution achieved by the reported issue, modified by the quality of the report. A maximum amount is set for each category. The exact payment amounts are determined after review by Apple. All security issues with significant impact to users will be considered for Apple Security Bounty payment, even if they do not fit the published bounty categories. Apple Security Bounty payments are at Apple’s discretion.
| Topic | Maximum Payout
Unauthorized access to iCloud account data on Apple Servers
Device attack via physical access |
Lock screen bypass
User data extraction
Device attack via user-installed app |
Unauthorized access to sensitive data**
Kernel code execution
CPU side channel attack
Network attack with user interaction |
One-click unauthorized access to sensitive data**
One-click kernel code execution
Network attack without user interaction |
Zero-click radio to kernel with physical proximity
Zero-click unauthorized access to sensitive data**
Zero-click kernel code execution with persistence and kernel PAC bypass
The goal of the Apple Security Bounty is to protect customers through understanding both vulnerabilities and their exploitation techniques. Reports that include a basic proof of concept instead of a working exploit are eligible to receive no more than 50% of the maximum payout amount. Reports lacking necessary information to enable Apple to efficiently reproduce the issue will result in a significantly reduced bounty payment, if accepted at all.
A complete report includes:
Maximizing Your Payout
To maximize your payout, keep in mind that Apple is particularly interested in issues that:
In addition to a complete report, issues that require the execution of multiple exploits, as well as one-click and zero-click issues, require a full chain for maximum payout. The chain and report must include:
Send your report by email to email@example.com. Whenever possible, encrypt all communications with the Apple Product Security PGP Key. Include all relevant videos, crash logs, and system diagnosis reports in your email. If necessary, use Mail Drop to send large files. Learn how to report a security or privacy vulnerability.
View a list of example bounty payouts.
Read the legal requirements for the Apple Security Bounty Program.
|Scope Type||Scope Name|
This program crawled on the 2019-12-20 is sorted as bounty.