[0cf8612b2e1e]

$5?!? Really incentivizing selling it on the black market.

[tptacek]

Which black market? Who is buying it? The reason they quote such a huge range of prices is that there is a huge range of utility across different exploits, and many of them aren't worth much at all, including some that seem ultra-powerful on the tin.

Keep in mind also that the economics of bug bounties are different than those of the "black market". Bounties quote lower prices because they're offering assured payouts, often with lower exploit proof and enablement requirements. They're not actually apples and oranges.

[actionfromafar]

If only Apple had a better cash-flow situation so they could pay out more. Alas...

[richardw]

Surely depends on the severity. If the attacker is only able to read if you prefer dark mode from a calendar invite then nobody will pay a lot.

[0cf8612b2e1e]

I am not sure what Apple defines as “sensitive data”, but surely that would be something more tasty than user UI configuration.