Apple Security Bounty Categories

Apple Security Bounty reward payments are made at Apple’s sole discretion and are based on the type of issue, the level of access or execution achieved, and the quality of the report. A high-quality research report is critical to help us confirm and address an issue quickly, and could help you receive an Apple Security Bounty reward.

The examples shown for each category are representative of potential Apple Security Bounty payments. While we’re unable to anticipate specific reward payments in advance, we consider every security issue that has a significant impact to users for an Apple Security Bounty reward, even if it doesn’t match a published category.

Products / Topic /
Reward Range

Device attack via
physical access

  • Lock Screen bypass

    $5,000 – $100,000

  • User data extraction

    $5,000 – $250,000

Device attack via
user-installed app

  • Unauthorized access to sensitive data

    $5,000 – $100,000

  • Elevation of privilege

    $5,000 – $150,000

Network attack with
user interaction

  • One-click unauthorized access to sensitive data

    $5,000 – $150,000

  • One-click with
    elevation of privilege

    $5,000 – $250,000

Network attack without
user interaction

  • Zero-click radio to kernel with physical proximity

    $5,000 – $500,000

  • Zero-click unauthorized access to sensitive data

    $5,000 – $500,000

  • Zero-click kernel code execution with persistence and kernel PAC bypass

    $100,000 – $1,000,000

ProductsTopic / Reward Range
Device attack via
physical access
  • Lock Screen bypass

    $5,000 – $100,000

  • User data extraction

    $5,000 – $250,000

Device attack via
user-installed app
  • Unauthorized access to sensitive data

    $5,000 – $100,000

  • Elevation of privilege

    $5,000 – $150,000

Network attack with
user interaction
  • One-click unauthorized access to sensitive data

    $5,000 – $150,000

  • One-click with
    elevation of privilege

    $5,000 – $250,000

Network attack without
user interaction
  • Zero-click radio to kernel with physical proximity

    $5,000 – $500,000

  • Zero-click unauthorized access to sensitive data

    $5,000 – $500,000

  • Zero-click kernel code execution with persistence and kernel PAC bypass

    $100,000 – $1,000,000

ProductsTopicReward Range
Device attack via
physical access
Lock Screen bypass$5,000 – $100,000
Examples
User data extraction$5,000 – $250,000
Examples
Device attack via
user-installed app
Unauthorized access to sensitive data$5,000 – $100,000
Examples
Elevation of privilege$5,000 – $150,000
Examples
Network attack with
user interaction
One-click unauthorized access to sensitive data$5,000 – $150,000
Examples
One-click with
elevation of privilege
$5,000 – $250,000
Examples
Network attack without
user interaction
Zero-click radio to kernel with physical proximity$5,000 – $500,000
Examples
Zero-click unauthorized access to sensitive data$5,000 – $500,000
Examples
Zero-click kernel code execution with persistence and kernel PAC bypass$100,000 – $1,000,000
Examples

Some issues may qualify for an additional bonus.

TopicAdditional BonusMaximum Bounty
Beta Software: Issues that are unique to newly added features or code in developer and public beta releases, including regressions50%$1,500,000
Lockdown Mode: Issues that bypass the specific protections of Lockdown Mode100%$2,000,000
Topic
Beta Software: Issues that are unique to newly added features or code in developer and public beta releases, including regressions
Additional BonusMaximum Bounty
50%$1,500,000
Topic
Lockdown Mode: Issues that bypass the specific protections of Lockdown Mode
Additional BonusMaximum Bounty
100%$2,000,000

Give your work an even greater purpose.

Considering donating your reward? Apple matches donations of Apple Security Bounty rewards to qualifying causes — like the Ford Foundation’s Dignity and Justice Fund, which helps combat mercenary spyware.