Hackers Discover 55 Apple Vulnerabilities, Awarded Nearly $300,000 in Bounties [Updated]

by

A group of hackers has been awarded nearly $300,000 by Apple for discovering 55 vulnerabilities in the company's systems.

3

Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes spent three months hacking Apple platforms and services to discover a range of weaknesses. The 55 vulnerabilities the team discovered were of varying severity, with some being critical.

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

Apple apparently was swift to address the majority of the vulnerabilities, with some being resolved in as little as a few hours.

Overall, Apple was very responsive to our reports. The turn around for our more critical reports was only four hours between time of submission and time of remediation.

As part of Apple's Security Bounty Program, the group was able to receive considerable payments for some of their work. As of Sunday, October 4, they had received four payments totaling $51,500. This included $5,000 for disclosing the full name of iCloud users, $6,000 for finding IDOR vulnerabilities, $6,500 for access to internal corporate environments, and $34,000 for discovering system memory leaks containing customer data.

Since no-one really knew much about their bug bounty program, we were pretty much going into unchartered territory with such a large time investment. Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities.

Apple has been actively investing in its bug bounty program since last year. Security researchers can now receive up to one million dollars per vulnerability depending on the nature and severity of the security flaw.

With the permission of Apple's security team, the group has published an extensive report which details a range of vulnerabilities and methods of locating and exploiting weaknesses. They also hinted that additional bounties may be on the way.

Update October 9: At the time of publication, the group reported that it had received $51,500 in bounties from Apple for four of the vulnerability reports it submitted. The group now says it has received 32 payments from Apple totaling $288,500.

Tags: Apple Security, Bug Bounty, Hack

Popular Stories

iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching in Three Months With These 12 New Features

Saturday June 14, 2025 5:45 pm PDT by
The iPhone 17 Pro and iPhone 17 Pro Max are three months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of June 2025:Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone X through iPhone 14 Pro have a...
Read Full Article128 comments
iPadOS 26 App Windowing

Apple Explains Why iPads Don't Just Run macOS

Friday June 13, 2025 7:46 am PDT by
iPadOS 26 allows iPads to function much more like Macs, with a new app windowing system, a swipe-down menu bar at the top of the screen, and more. However, Apple has stopped short of allowing iPads to run macOS, and it has now explained why. In an interview this week with Swiss tech journalist Rafael Zeier, Apple's software engineering chief Craig Federighi said that iPadOS 26's new Mac-like ...
Read Full Article229 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday June 12, 2025 8:58 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article69 comments
Logitech Logo Feature

Logitech Announces Two New Accessories for WWDC

Friday June 13, 2025 7:22 am PDT by
Alongside WWDC this week, Logitech announced notable new accessories for the iPad and Apple Vision Pro. The Logitech Muse is a spatially-tracked stylus developed for use with the Apple Vision Pro. Introduced during the WWDC 2025 keynote address, Muse is intended to support the next generation of spatial computing workflows enabled by visionOS 26. The device incorporates six degrees of...
Read Full Article24 comments
iOS 26 Screens

Here Are All the iOS 26 Features That Require iPhone 15 Pro or Newer

Thursday June 12, 2025 4:53 am PDT by
With iOS 26, Apple has introduced some major changes to the iPhone experience, headlined by the new Liquid Glass redesign that's available across all compatible devices. However, several of the update's features are exclusive to iPhone 15 Pro and iPhone 16 models, since they rely on Apple Intelligence. The following features are powered by on-device large language models and machine...
Read Full Article58 comments
CarPlay Liquid Glass Dark

Apple to Let iPhone Users Watch Videos on CarPlay Screen While Parked

Thursday June 12, 2025 6:16 am PDT by
Apple this week announced that iPhone users will soon be able to watch videos right on the CarPlay screen in supported vehicles. iPhone users will be able to wirelessly stream videos to the CarPlay screen using AirPlay, according to Apple. For safety reasons, video playback will only be available when the vehicle is parked, to prevent distracted driving. The connected iPhone will be able to...
Read Full Article71 comments
iOS 26 on Three iPhones

Hate iOS 26's Liquid Glass Design? Here's How to Tone It Down

Wednesday June 11, 2025 4:22 pm PDT by
iOS 26 features a whole new design material that Apple calls Liquid Glass, with a focus on transparency that lets the content on your display shine through the controls. If you're not a fan of the look, or are having trouble with readability, there is a step that you can take to make things more opaque without entirely losing out on the new look. Apple has multiple Accessibility options that ...
Read Full Article212 comments
Mac Studio Feature

Apple Begins Selling Refurbished Mac Studio With M4 Max and M3 Ultra Chips at a Discount

Thursday June 12, 2025 10:14 am PDT by
Apple today added Mac Studio models with M4 Max and M3 Ultra chips to its online certified refurbished store in the United States, Canada, Japan, Singapore, and many European countries, for the first time since they were released in March. As usual for refurbished Macs, prices are discounted by approximately 15% compared to the equivalent new models on Apple's online store. Note that Apple's ...
Read Full Article34 comments
iOS 26 Feature

Apple Seeds Revised iOS 26 Developer Beta to Fix Battery Issue

Friday June 13, 2025 10:15 am PDT by
Apple today provided developers with a revised version of the first iOS 26 beta for testing purposes. The update is only available for the iPhone 15 and iPhone 16 models, so if you're running iOS 26 on an iPhone 14 or earlier, you won't see the revised beta. Registered developers can download the new beta software through the Settings app on each device. The revised beta addresses an...
Read Full Article84 comments

Top Rated Comments

Expos of 1969 Avatar
Expos of 1969
61 months ago
That seems to be quite a low payment for finding 55 problems. Each guy made about $850/week.
Score: 35 Votes (Like | Disagree)
ksec Avatar
ksec
61 months ago
As part of Apple's Security Bounty Program ('https://www.macrumors.com/2019/12/20/apple-launches-public-bug-bounty-program/'), the group was able to receive considerable payments for some of their work. As of Sunday, October 4, they had received four payments totaling $51,500.
MacRumors just redefined the word "considerable" in Cooperate America.
Score: 21 Votes (Like | Disagree)
The Cappy Avatar
The Cappy
61 months ago
These kinds of headlines slay me. "Over $50,000" you say.

The correct amount was $51,500. It would have been both shorter and more accurate to type the correct number.You don't even have the excuse of vagueness being necessitated by the need for brevity, since you actually type the number in full. You just go out of your way to use incorrect numbers so that you later need to correct yourself. Oh well.
Score: 19 Votes (Like | Disagree)
adamdport Avatar
adamdport
61 months ago
$50k split between 5 people over 3 months...that's the equivalent of $40k/yr for these guys. I guess it didn't say they were working 40 hours a week, or were full time on apple though.
Score: 19 Votes (Like | Disagree)
cmaier Avatar
cmaier
61 months ago

I smell lawsuits coming.
Why? Unless someone can prove these vulnerabilities were used, what’s the harm?
Score: 17 Votes (Like | Disagree)
CrazyForCashews Avatar
CrazyForCashews
61 months ago
I appreciate how quickly Apple paid them.

News like this will probably encourage other hackers to disclose any more vulnerabilities to Apple knowing that they'll be rewarded in a timely manner.
Score: 13 Votes (Like | Disagree)
Read All Comments