[rvz]

Great write up.

Any guess on the bounty amount for this zero-click vulnerability, with a 5 step exploit chain for macOS?

[_lvbh]

Has to be at least 6 figures. I got $47k on a pretty insignificant flaw with TCC and I would assume this is much more serious. The wait time is crazy though. It took almost a year to get fixed and another 6 months for the bounty to be paid. Then another year for them to even credit me for the CVE.

The fact that security researchers are completely at the mercy of the companies made me choose to do software Eng instead. Much more stable.

[edm0nd]

Dude likely could have sold this to malicious threat actors for 6 figures.

Weird that it's been 2 years now and Apple still hasn't paid anything.

Really highlights why people might tend to gravitate towards that route instead of going thru the legit bug bounty process.

[tptacek]

Does it work on an iPhone? If not, you're probably not selling it for 6 figures, or even 5.

[saagarjha]

It does not.