Hackers Discover 55 Apple Vulnerabilities, Awarded Nearly $300,000 in Bounties [Updated]

by

A group of hackers has been awarded nearly $300,000 by Apple for discovering 55 vulnerabilities in the company's systems.

3

Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes spent three months hacking Apple platforms and services to discover a range of weaknesses. The 55 vulnerabilities the team discovered were of varying severity, with some being critical.

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

Apple apparently was swift to address the majority of the vulnerabilities, with some being resolved in as little as a few hours.

Overall, Apple was very responsive to our reports. The turn around for our more critical reports was only four hours between time of submission and time of remediation.

As part of Apple's Security Bounty Program, the group was able to receive considerable payments for some of their work. As of Sunday, October 4, they had received four payments totaling $51,500. This included $5,000 for disclosing the full name of iCloud users, $6,000 for finding IDOR vulnerabilities, $6,500 for access to internal corporate environments, and $34,000 for discovering system memory leaks containing customer data.

Since no-one really knew much about their bug bounty program, we were pretty much going into unchartered territory with such a large time investment. Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities.

Apple has been actively investing in its bug bounty program since last year. Security researchers can now receive up to one million dollars per vulnerability depending on the nature and severity of the security flaw.

With the permission of Apple's security team, the group has published an extensive report which details a range of vulnerabilities and methods of locating and exploiting weaknesses. They also hinted that additional bounties may be on the way.

Update October 9: At the time of publication, the group reported that it had received $51,500 in bounties from Apple for four of the vulnerability reports it submitted. The group now says it has received 32 payments from Apple totaling $288,500.

Tags: Apple Security, Bug Bounty, Hack

Popular Stories

Alleged iOS 19 Icons Front Page Tech

iOS 19 Leak Reveals Alleged New Design With Rounder App Icons, Floating Tab Bar, and More

Monday April 7, 2025 3:13 pm PDT by
YouTube channel Front Page Tech is back today with another video that provides a closer look at iOS 19's alleged design changes. The video contains re-created renders of iOS 19, which are allegedly based on real footage of the software update, provided by sources within Apple. Overall, iOS 19 is expected to have a more glass-like, visionOS-inspired design, with added translucency for user...
Read Full Article228 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro's New Rear Camera Bar 'Same Color As Rest of Device'

Monday April 7, 2025 2:09 am PDT by
Apple's upcoming iPhone 17 Pro models will feature a redesigned rear camera panel that spans the width of the device, but it will be the same color as the iPhone itself, rather than being part of a two-tone design. That's according to Bloomberg's Mark Gurman. Writing in his latest Power On newsletter, the reporter says the iPhone 17 Pro won't have a two-toned back, as some renders have...
Read Full Article62 comments
iphone x front back

Apple Planning 'Bold' New 20th Anniversary Design for 2027 iPhone Pro

Monday April 7, 2025 2:46 am PDT by
Apple is preparing a "major shake-up" for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. iPhone X released in 2017 for 10th anniversary Writing in his latest Power On newsletter, Gurman says that Apple plans to launch a foldable iPhone alongside a "bold" new iPhone Pro model that makes more extensive use of glass. Could this mean Apple plans to realize former...
Read Full Article89 comments
iPhone Assembly

Trump Believes Apple Could Manufacture iPhones in the U.S.

Tuesday April 8, 2025 12:08 pm PDT by
U.S. President Donald Trump "absolutely" believes that Apple could manufacture its iPhones and other devices in the United States, Press Secretary Karoline Leavitt said today during a media briefing. Leavitt was asked whether Trump thought that iPhone manufacturing is the kind of technology that could move to the U.S. "Absolutely, he believes we have the labor, we have the workforce, we have ...
Read Full Article580 comments
iphone 16 pro colors 1

Is Now the Time to Upgrade Apple Devices Before Tariffs Lead to Price Increases?

Friday April 4, 2025 3:41 pm PDT by
If you have an older Apple device that you've been considering upgrading, you're probably wondering how the newly announced tariffs might impact prices going forward, and whether it's worth buying now before there's a price hike. Given analyst and economist responses to the tariffs, market panic, and Trump's stance on the current financial chaos, the answer is that making a purchase...
Read Full Article655 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

5 Biggest Changes Rumored for iPhone 17 Pro

Tuesday April 8, 2025 2:38 am PDT by
Later this year, Apple will introduce the iPhone 17 series, which includes the iPhone 17 Pro and the iPhone 17 Pro Max, two new high-end flagship devices that will be sold alongside the regular iPhone 17 and an all-new ultra-thin iPhone 17 Air. If you have been holding out for the iPhone 17 Pro or its bigger sibling, here are five of the biggest changes, informed by the latest reports and...
Read Full Article80 comments
Apple Vision Pro 2 Feature 2

Vision Pro 2 May Now Be in Production Ahead of Launch Later This Year

Tuesday April 8, 2025 9:13 am PDT by
The second-generation Apple Vision Pro may now be in mass production ahead of its rumored launch later this year, Chinese website IT Home today claims. Reporting on information from an unknown source, the website says that key components of the new Vision Pro, including panels, housings, and circuitry, have moved into mass production ahead of the product's purported release later in 2025....
Read Full Article171 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro Models Rumored to Offer Dual Video Recording Feature in Camera App

Tuesday April 8, 2025 7:23 am PDT by
YouTube channel Front Page Tech on Monday shared renders of iOS 19's alleged new design. The end of the video also revealed a new feature that is supposedly planned for the iPhone 17 Pro models later this year: dual video recording. According to Front Page Tech host Jon Prosser, the iPhone 17 Pro and iPhone 17 Pro Max will allow users to record video with the front and rear cameras...
Read Full Article45 comments

Top Rated Comments

Expos of 1969 Avatar
Expos of 1969
59 months ago
That seems to be quite a low payment for finding 55 problems. Each guy made about $850/week.
Score: 35 Votes (Like | Disagree)
ksec Avatar
ksec
59 months ago
As part of Apple's Security Bounty Program ('https://www.macrumors.com/2019/12/20/apple-launches-public-bug-bounty-program/'), the group was able to receive considerable payments for some of their work. As of Sunday, October 4, they had received four payments totaling $51,500.
MacRumors just redefined the word "considerable" in Cooperate America.
Score: 21 Votes (Like | Disagree)
The Cappy Avatar
The Cappy
59 months ago
These kinds of headlines slay me. "Over $50,000" you say.

The correct amount was $51,500. It would have been both shorter and more accurate to type the correct number.You don't even have the excuse of vagueness being necessitated by the need for brevity, since you actually type the number in full. You just go out of your way to use incorrect numbers so that you later need to correct yourself. Oh well.
Score: 19 Votes (Like | Disagree)
adamdport Avatar
adamdport
59 months ago
$50k split between 5 people over 3 months...that's the equivalent of $40k/yr for these guys. I guess it didn't say they were working 40 hours a week, or were full time on apple though.
Score: 19 Votes (Like | Disagree)
cmaier Avatar
cmaier
59 months ago

I smell lawsuits coming.
Why? Unless someone can prove these vulnerabilities were used, what’s the harm?
Score: 17 Votes (Like | Disagree)
CrazyForCashews Avatar
CrazyForCashews
59 months ago
I appreciate how quickly Apple paid them.

News like this will probably encourage other hackers to disclose any more vulnerabilities to Apple knowing that they'll be rewarded in a timely manner.
Score: 13 Votes (Like | Disagree)
Read All Comments