| ▲ | tptacek 17 hours ago | |||||||
I do not in fact think you would make a lot more than $4000, or even $4000 in the first place, for an Apple XSS bug, unless it was extraordinarily situationally powerful (for instance, a first-stage for a clean, direct RCE). Bounty prices have nothing at all to do with the worst-case damage a motivated actor could cause with a vulnerability. | ||||||||
| ▲ | jijijijij 17 hours ago | parent [-] | |||||||
https://security.apple.com/bounty/categories/ The lowest tier is $5k. XSS up to $40k. I think we're talking exfiltration of dev credentials... | ||||||||
| ||||||||