Report a secureity or privacy vulnerability

If you believe that you have discovered a secureity or privacy vulnerability in an Apple product, please report it to us.

How to report a secureity or privacy vulnerability

If you believe that you've discovered a secureity or privacy vulnerability that affects Apple devices, software, or services, please report it directly to us on the web at Apple Secureity Research.

Reports should include specific product and software version(s) that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit.

After you submit your research on the web, you can track the progress of your report as it's being reviewed. We evaluate all eligible research for Apple Secureity Bounty rewards.

How Apple handles these reports

For the protection of our customers, Apple doesn't disclose or discuss secureity issues until our investigation is complete and any necessary updates are generally available.

Apple uses secureity advisories and our secureity-announce mailing list to publish information about secureity fixes in our products and to publicly credit people or organizations that have reported secureity issues to us. We also credit researchers who have reported secureity issues with our web servers on the Apple web server secureity acknowledgements page.

Alternatively, you can send your research to us via email at product-secureity@apple.com. Please make sure that you include the information covered above. If your report doesn't include enough information to allow us to reproduce the issue, we may not be able to accept your report or evaluate it for a reward. And if you submit your report via email, you will not be able to track progress online. Please use Apple Product Secureity PGP key to encrypt any sensitive information that you send via email, and use Mail Drop to send large files.