
macduke

macrumors G5
Original poster
Jun 27, 2007
I have discovered a major exploit which allows bypassing Touch ID from the lock screen. How do you guys recommend that I go about disclosing this so that I can get the bounty that Apple has on bugs of this magnitude?

Do I need to have it well documented? Does it need to be reproducible on another device? I don't want to mess this up, but I also don't want to be too late in disclosing this. As you can see, I am a long-time member of these forums going back to the original iPhone launch in 2007 and can assure you that I am 100% dead serious. This is actually pretty nuts. I have no idea how the bug bounty program works and found little information online about how to file and what specifically I need to do to cover all of my bases. I have already recorded a video of the exploit in action and considered submitting it to the editors here, but if I can get paid then I do not want to screw this up.

Thank you so much. I don't know if I'm going to be able to sleep tonight.
 
https://support.apple.com/en-us/HT201220

https://slate.com/technology/2016/08/why-apples-bug-bounty-program-is-unlike-any-other.html
 
Maybe this will help. Good luck!

https://support.apple.com/en-us/HT201220

Bugs must be reported to Apple with a proof of concept and must work on the latest iOS version and hardware.

https://www.imore.com/apple-security-bounty-faq
https://bountyfactory.io/dailymotion/dailymotion-public-bug-bounty

The last link gives an idea of the criteria according to which a professional report is structured. Don't collaborate with those guys if you like to get your coin.

attachment might help...
Screen Shot 2018-11-09 at 07.10.26.png
 