Report a security or privacy vulnerability
If you believe that you have discovered a security or privacy vulnerability in an Apple product, please report it to us.
If you need technical support for a security issue — for example, to reset your Apple Account password or to review a recent App Store charge — view the Get help with security issues support article or visit Apple Support.
If you have questions or concerns about Apple’s Privacy Policy or data processing, you can ask us about privacy.
How to report a security or privacy vulnerability
If you believe that you've discovered a security or privacy vulnerability that affects Apple devices, software, or services, please report it directly to us on the web at Apple Security Research.
Reports should include specific product and software version(s) that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit.
How Apple handles these reports
Apple reviews all reports that are submitted directly to us. After you submit your research on the web, you’ll receive an immediate automatic acknowledgement that we received your report. Most reports are resolved within 90 days. You can sign in with your Apple Account to see the status of your report, where updates are provided immediately as your report is reviewed. We evaluate all eligible research for Apple Security Bounty rewards. More information about program guidelines is available at the Apple Security Research site.
For the protection of our customers, Apple doesn't disclose or discuss security issues until our investigation is complete and any necessary updates are generally available.
Apple uses security advisories and our security-announce mailing list to publish information about security fixes in our products and to publicly credit people or organizations that have reported security issues to us. We also credit researchers who have reported security issues with our web servers on the Apple web server security acknowledgements page.
Alternatively, you can send your research to us via email at [email protected]. Please make sure that you include the information covered above. If your report doesn't include enough information to allow us to reproduce the issue, we may not be able to accept your report or evaluate it for a reward. And if you submit your report via email, you will not be able to track progress online. Please use Apple Product Security PGP key to encrypt any sensitive information that you send via email, and use Mail Drop to send large files.
Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.