This article is about how I found a vulnerability on Apple's forgot password endpoint that allowed me to take over an iCloud account. The vulnerability is completely patched by the Apple security team and it no longer works. The Apple Security Team rewarded me $18,000 USD as a part of their bounty program but I refused to receive […]
Not compensating properly is exactly how Apple will end up with zero-days sold to blackhats or companies like Grayshift or Cellebrite instead of reported to them.
It’s not like Apple doesn’t have the money for it. If they genuinely care about the security of their system, that wouldn’t be an issue.