FOLLOW US

Tue

July 14, 2026

America October 9, 2020 4 mins read

Apple bug bounty program: hackers rewarded $288,500 for reporting 55 vulnerabilities

America ı By Jackie Allen

0 Comments

ciobulletin-apple-bug-bounty-program

Apple Inc (NASDAQ: AAPL) rewarded $28,500 to a team of hackers who submitted a detailed report about the 55 vulnerabilities they found after hacking the tech giant's security bounty or bug bounty program.

In a blog post, one of the hackers, Sam Curry wrote that he and his fellow hackers spent three months hacking the Apple Security Bounty program.

 He and Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked as a team from July 6 to October 6 understanding the Apple infrastructure and targeting its individual web servers that they think are more likely to have security flaws.

According to Curry, they discovered 55 vulnerabilities with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports.

The security flaws that they found in the tech giant's infrasture could have "allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects," wrote Curry.

He added that the vulnerabilities could have enabled bad actors to "fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources."

Curry noted that most of the vulnerabilities they reported to Apple have been fixed as of October 6. It only takes as little as 4-6 hours to fix the problems.

Apple has a massive and complex infrastructure

Curry said they started scanning to determine what the Apple universe includes and what parts would be accessible to them. The results of their scanning were indexed in a dashboard along with HTTP status code, response body, headers, and a screenshot of the accessible web servers under the various domains owned by Apple.

Apple owns all of the 17.0.0.0/8 IP range, including 25,000 web servers with 10,000 under apple.com, 7,000 unique domains, as well as Apple’s own TLD (.apple) are part of this vital and growing infrastructure. 

Curry said they spent the majority of their time on the core foundations. The core of functionality comes from the 17.0.0.0/8 IP range, .apple.com, and .icloud.com.

They extensively scanned Apple’s systems and tested various exploits and found vulnerabilities. 

The team wasn't able to disclose all of the flaws they found but Curry provided write-ups for some of the more interesting vulnerabilities in their report.

Some of the more important vulnerabilities discovered were a “full compromise of Apple's Distinguished Educators Program; a cross-site scripting attack that could allow hackers to steal user iCloud data via email; and a vulnerability that may have allowed attackers to compromise Apple's internal inventory and warehousing system.”

Curry emphasized that his team obtained permission from Apple's product security team to publish information on the vulnerabilities. "All of the vulnerabilities disclosed here have been fixed and re-tested. Please do not disclose information pertaining to Apple's security without their permission," Curry said.

he also noted, "Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities."

Recently Apple’s relationships with its users and developers have come into question.

The Apple bug bounty program

Apple’s Developer Program is where developers use the company's architecture to create their own apps.

The tech had long-maintained an invitation-based bug bounty program for selected security researchers looking for iOS security bugs. Originally, it only paid bounties for issues affecting physical products like the iPad or the iPhone

In December 2019, the company launched the Apple Security Bounty program as part of its commitment to ensuring that all of its infrastructure, products, and services are secure. Apple encouraged its existing developers, outside cyber researchers, and hackers to report security flaws and in return will give them rewards. 

Under the revamped bug bounty program, any security researcher who finds security flaws in iOS, macOS, tvOS, watchOS, or iCloud becomes eligible to receive cash payouts with the disclosure of bugs and vulnerabilities.

----------------------------------------

Have a story you want USA Herald to cover? Submit a tip here and if we think it's newsworthy, we'll follow up on it.

Want to contribute a story? We also accept article submissions -- check out our writer's guidelines here.

Previous Article

Six men arrested, charged with conspiracy to kidnap Michigan Gov. Gretchen Whitmer

Read More
3227 Posts

Jackie Allen

Jackie is a freelance journalist and technology geek. She worked as a telecom project director for AT&T and BellSouth. Before joining the USA Herald she has written books, articles, blogs and whitepapers. Her clients include Samsung and other technology companies.

Discussion

No comments yet. Be the first to join the discussion!

Don’t Miss It
America July 12, 2026
two killed in Toronto After Deadly street festival shooting
By – Rihem Akkouche
America July 12, 2026
Elephant Fire burns 4500 acres in Sierra County
By – Rihem Akkouche
Arizona January 11, 2025
Kelly Warner Law Firm Blames USA…

In what appears as a desperate attempt to defend multiple…

By – USA Herald
Arizona January 4, 2025
Aaron Kelly Law Firm Resorts To…

Attorney Aaron Kelly and his law partner Daniel Warner are…

By – Jeff Watterson
Arizona December 12, 2024
Arizona Bar Opens Investigation on Attorney…

USA Herald recently reported on a developing story involving Attorneys…

By – Paul O'Neal
America July 11, 2026
1 dead After fire at Davis…

A Saturday morning that began like any other in South…

By – Rihem Akkouche
America July 11, 2026
Apple Sues OpenAI Over Trade Secrets…

The partnership that placed ChatGPT inside hundreds of millions of…

By – Rihem Akkouche
America July 11, 2026
NYT Air Force One Subpoena Targets…

They came on a Friday evening, to the homes of…

By – Rihem Akkouche
America July 11, 2026
Gordie Howe Bridge to Open on…

Named for a hockey legend who won four Stanley Cups…

By – Rihem Akkouche
America July 11, 2026
Teen Football Player’s Death on Uninhabited…

Christine and Elmore Wonsley are not sleeping. They cannot. A…

By – Rihem Akkouche
America July 11, 2026
Hundreds Of People at Summer Camp…

The water came faster than the roads could handle and…

By – Rihem Akkouche
America July 11, 2026
Hundreds Of People at Summer Camp…

The water came faster than the roads could handle and…

By – Rihem Akkouche
America July 11, 2026
UFC Event Allegedly Targeted in White…

WASHINGTON, D.C. — A historic UFC Event held on the…

By – Jackie Allen
America July 10, 2026
Russia Sanctions Bill Gains BiPartisan as…

WASHINGTON, D.C. — Russia Sanctions legislation moved closer to becoming…

By – Jackie Allen
America July 10, 2026
Manhattanhenge 2026: Final Summer Sunset Alignment…

NEW YORK — Manhattanhenge is making its final appearance of…

By – Jackie Allen
America July 10, 2026
Jared Isaacman Says NASA Has Unexplained…

WASHINGTON, D.C. — Jared Isaacman, the administrator of NASA, says…

By – Jackie Allen
America July 9, 2026
Erika Kirk Seeks Public Release of…

Erika Kirk, the widow of Turning Point USA co-founder Charlie…

By – Jackie Allen
America July 9, 2026
Erika Kirk Seeks Public Release of…

Erika Kirk, the widow of Turning Point USA co-founder Charlie…

By – Jackie Allen
America July 9, 2026
Bonnie Tyler Remembered as Legendary Welsh…

Bonnie Tyler, the Welsh singer whose unmistakable raspy voice powered…

By – Jackie Allen
America July 9, 2026
Assault on Iran Escalates as U.S.…

The Assault on Iran intensified after the United States launched…

By – Jackie Allen
America July 9, 2026
Broadcom Deal: Apple Commits More Than…

Apple is dramatically expanding its investment in American semiconductor manufacturing…

By – Jackie Allen
America July 8, 2026
Arranged Marriage Ends in Tragedy: Amazon…

An Arranged Marriage that began in the summer of 2025…

By – Jackie Allen
America July 8, 2026
Forensic Scientist Henry Lee’s Final Interview…

A legendary Forensic Scientist whose testimony influenced some of America’s…

By – Jackie Allen
America July 8, 2026
Forensic Scientist Henry Lee’s Final Interview…

A legendary Forensic Scientist whose testimony influenced some of America’s…

By – Jackie Allen
America July 6, 2026
Accused of Rape:  Graham Platner Denies…

Accused of Rape, Maine Democratic U.S. Senate candidate Graham Platner…

By – Jackie Allen
America July 6, 2026
AI Regulation Debate Intensifies After Peter…

 The global debate over AI Regulation took a dramatic turn…

By – Jackie Allen
America July 5, 2026
California Chaos: Fourth of July Celebrations…

California Chaos unfolded across parts of Southern California during the…

By – Jackie Allen
America July 5, 2026
Paul Pelosi Faces Charge After Alleged…

Paul Pelosi, the husband of former House Speaker Nancy Pelosi,…

By – Jackie Allen
America July 4, 2026
Beach Closures Expand Across Long Island…

Beach Closures were spread across parts of New York just…

By – Jackie Allen
America July 4, 2026
Beach Closures Expand Across Long Island…

Beach Closures were spread across parts of New York just…

By – Jackie Allen
America July 3, 2026
Mars Rover Images Lead to Debates…

A new Mars Rover image captured by NASA’s Curiosity mission…

By – Jackie Allen
America July 3, 2026
Taylor Swift and Travis Kelce’s Star-Studded…

Taylor Swift and Travis Kelce’s highly anticipated wedding is finally…

By – Rihem Akkouche
America July 3, 2026
Federal Judge Sends Bad Bunny Reggaeton…

INSIDE THIS REPORT A federal judge denied summary judgment to…

By – Samuel Lopez
America July 3, 2026
Mike Rowe Sues Discovery for $2…

Inside This Report Mike Rowe is suing Discovery, claiming the…

By – Samuel Lopez
America July 3, 2026
7-Eleven Sues Nike Over Alleged Air…

INSIDE THIS REPORT Nike faces a federal trademark lawsuit over…

By – Samuel Lopez
Health July 2, 2026
The Hidden Science Behind Why Your…

For millions of people, the first conscious act of the…

By – Tyler Brooks
Health July 2, 2026
The High Cost of the Infinite…

A significant legal chapter is closing for one of the…

By – Tyler Brooks
Health July 2, 2026
Kentucky Medicaid Alert How The Upcoming…

A significant change is arriving for thousands of Kentucky residents…

By – Tyler Brooks
Health June 29, 2026
Everything You Need to Know About…

As the calendar turns to July 1, residents of Georgia…

By – Tyler Brooks
Breaking News June 26, 2026
Trump Seeks $1.4 Billion as Congo…

The Trump Ebola funding request would provide more than $1.4…

By – Michallie Harrison
Health June 25, 2026
Temperatures in France were higher than…

The images coming out of Europe this week are nothing…

By – Tyler Brooks
America July 2, 2026
Taylor Swift Wedding Reports Claim Private…

Taylor Swift Wedding speculation intensified after reports claimed that pop…

By – Jackie Allen
High Profile Court Cases July 2, 2026
Justice Served as Former NFL Scout…

The Nashville courtroom fell silent this Wednesday as a jury…

By – Tyler Brooks
America June 29, 2026
Stonewall Riots: An Uprising That Changed…

The Stonewall Riots marked one of the most significant turning…

By – Jackie Allen
Sports June 26, 2026
USMNT Lost to Turkey at 90+8.…

Kaan Ayhan’s goal came in the 90th minute, plus eight.…

By – Nicolas Carreno
Entertainment June 25, 2026
Tears, Goals, and the Siuuu: IShowSpeed’s…

The 2026 FIFA World Cup has been a rollercoaster of…

By – Tyler Brooks
America June 22, 2026
World Cup History Made as Lionel…

World Cup history was made Monday afternoon in Arlington, Texas,…

By – Jackie Allen

No posts found.

No posts found.

Signup for the USA Herald
exclusive Newsletter