Overview
- Csaba Fitzl, a principal macOS security researcher at Iru, reported that Apple has reduced several macOS bug-bounty categories.
- Payouts for a full Transparency, Consent, and Control (TCC) bypass fell from about $30,500 to $5,000, awards for individual TCC categories dropped to around $1,000, and sandbox escape rewards were cut from $10,000 to $5,000.
- 9to5Mac said it verified the accuracy of the payout rates cited in Fitzl’s post.
- Fitzl and other researchers caution that lower payouts could discourage responsible reporting and make private or black-market sales of exploits more attractive.
- The reported cuts coincide with increased Mac malware activity. Apple was asked for comment but had not responded as of the coverage.