Because PCC extends the industry-leading security and privacy of Apple devices into the cloud, the rewards we offer are comparable to those for iOS. We award maximum amounts for vulnerabilities that compromise user data and inference request data outside the PCC trust boundary.

Apple Security Bounty: Private Cloud Compute

Category
Description
Maximum Bounty
Remote attack on request data
Arbitrary code execution with arbitrary entitlements
$1,000,000
Access to a user's request data or sensitive information about the user's requests outside the trust boundary
$250,000
Attack on request data from a privileged network position
Access to a user's request data or other sensitive information about the user outside the trust boundary
$150,000
Ability to execute unattested code
$100,000
Accidental or unexpected data disclosure due to deployment or configuration issue
$50,000