If you believe that you have discovered a security vulnerability in our open source software, please report it to us using the GitHub private vulnerability feature. This can be done by navigating to the "Security" tab of the specific repository where you found the issue. For other Apple software, please report a security or privacy vulnerability on Apple Security Research.

Reports should include specific software version(s) that you believe are affected; a technical description of the behavior that you observed and the behavior that you expected; the steps required to reproduce the issue; and a proof of concept or exploit.

The initial acknowledgment of the report is neither an acceptance nor a rejection of the report. We may come back to you with further questions or invite you to collaborate while working through the details of your report. Resolution timelines may vary depending on the complexity and severity of the issue.

Output from automated security scans or fuzzers must include additional context demonstrating the vulnerability with a proof of concept or working exploit. Please include enough information to allow us to reproduce the issue. We will credit you in the public advisory if the report is accepted.