
    Apple security bounties slashed as Mac malware grows

    A well-known security researcher reports that Apple has slashed its bounties for finding vulnerabilities in macOS. Many have been halved, with one of them reduced from over $30k to just $5k, despite a growing problem with Mac malware.

    Csaba Fitzl, principal macOS security researcher at Iru, says it suggests Apple doesn’t really care about the Mac, and increases the likelihood that vulnerabilities will be sold on the black market instead of reported to the company …

    Fitzl posted examples of the new rates on LinkedIn.

    Full TCC (privacy) bypasses are down from 30.5k to 5k. Hard to interpret this in a good way. It feels like:

    • We (Apple) admit we can’t fix this shit and we don’t care anymore, or at least not willing to pay for it
    • We don’t care about privacy

    Individual TCC categories are also down from 5-10k to 1k.

    This feels really weird especially because Apple’s mantra is privacy…

    macOS sandbox escapes are also down to 5k from 10k.

    We verified that the rates he cited are accurate.

    TCC refers to Apple’s Transparency, Consent, and Control framework. These are the mechanisms ensuring that apps can only access sensitive personal data if they have explicit user permission. A full TCC bypass would allow an app to gain access to a Mac user’s private information without consent.

    Among other things, TCC protects access to:

    • Your files and folders
    • The contents of Apple apps, including Contacts, Calendars, and Health
    • Webcam, microphones, and screen recording capabilities

    Security researchers have discovered a number of serious TCC vulnerabilities in the past. One example allowed an attacker to modify the consent database so that macOS believed a user had granted permission when they hadn’t. Another was a code-injection attack that let a rogue app piggyback on TCC permissions already granted to a legitimate app.
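Because the attacks described above show up as unexpected rows in TCC's consent database, a defender's first check is an audit of what that database currently grants. The following script is an added example, not code from the article or from Apple: it builds a small in-memory SQLite database with a simplified, assumed subset of the real `access` table schema (the column names `service`, `client`, `auth_value`, `csreq`, `last_modified` and the convention that `auth_value == 2` means "allowed" are assumptions here), fills it with constructed sample rows, and flags grants that lack a bound code-signing requirement, cover high-impact services, or changed after a baseline timestamp. The service identifiers are well-known TCC service names and are not taken from the article.

```python
import sqlite3
from dataclasses import dataclass

# Services treated as high-impact for this audit. These are well-known TCC
# service identifiers (assumption: not listed in the article).
HIGH_IMPACT = {
    "kTCCServiceSystemPolicyAllFiles",  # Full Disk Access
    "kTCCServiceScreenCapture",
    "kTCCServiceCamera",
    "kTCCServiceMicrophone",
}

# Assumption: in the TCC access table an auth_value of 2 means "allowed".
ALLOWED = 2


@dataclass(frozen=True)
class Finding:
    service: str
    client: str
    reasons: tuple


def open_tcc_db_readonly(path):
    """Open an on-disk TCC.db copy read-only so the audit can never modify it.

    Well-known locations on a real Mac (reading them needs Full Disk Access):
      ~/Library/Application Support/com.apple.TCC/TCC.db   (per-user grants)
      /Library/Application Support/com.apple.TCC/TCC.db    (system grants)
    """
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def audit_tcc(conn, since=None):
    """Return Findings for allowed grants that deserve a closer look.

    Flags a grant when:
      * csreq is NULL: no code-signing requirement is bound to the grant, so any
        binary claiming the client identifier would inherit it (the kind of row
        a database-tampering attack leaves behind);
      * the service is in HIGH_IMPACT;
      * since is given and the row's last_modified is newer than that baseline.
    """
    rows = conn.execute(
        "SELECT service, client, auth_value, csreq, last_modified FROM access"
    ).fetchall()
    findings = []
    for service, client, auth_value, csreq, last_modified in rows:
        if auth_value != ALLOWED:
            continue  # denied or unknown grants cannot be abused this way
        reasons = []
        if csreq is None:
            reasons.append("no code-signing requirement bound to grant")
        if service in HIGH_IMPACT:
            reasons.append("high-impact service")
        if since is not None and last_modified > since:
            reasons.append(f"grant changed after baseline {since}")
        if reasons:
            findings.append(Finding(service, client, tuple(reasons)))
    return findings


def build_sample_db():
    """Constructed sample database with a simplified access table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE access (
               service TEXT, client TEXT, client_type INTEGER, auth_value INTEGER,
               auth_reason INTEGER, csreq BLOB, last_modified INTEGER)"""
    )
    fake_csreq = b"\xfa\xde\x0c\x00constructed-requirement"  # constructed blob
    rows = [
        # legitimate, low-impact grant with a bound requirement: not flagged
        ("kTCCServiceAddressBook", "com.example.mail", 0, 2, 2, fake_csreq, 1700000000),
        # camera grant, requirement bound, but modified after the baseline used below
        ("kTCCServiceCamera", "com.example.video", 0, 2, 2, fake_csreq, 1700500000),
        # Full Disk Access with no requirement bound: what tampering would look like
        ("kTCCServiceSystemPolicyAllFiles", "com.example.unknown", 0, 2, 2, None, 1700000000),
        # explicitly denied grant: skipped
        ("kTCCServiceMicrophone", "com.example.denied", 0, 0, 2, fake_csreq, 1700000000),
    ]
    conn.executemany("INSERT INTO access VALUES (?,?,?,?,?,?,?)", rows)
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for f in audit_tcc(db, since=1700100000):
        print(f"{f.service:40} {f.client:25} {'; '.join(f.reasons)}")
```

Run against a real database, point `open_tcc_db_readonly` at a copy of TCC.db taken from a machine you administer and pass the timestamp of your last known-good baseline as `since`; any grant that appears only after that baseline, or that carries no code-signing requirement, is the row to investigate rather than the one to trust.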

    Fitzl notes that not many security researchers focus on the Mac platform, and with even smaller awards on offer that number is likely to further diminish. It also increases the risk that anyone discovering an exploit will decide to sell it on the black market rather than report it to Apple.

    It seems inexplicable that the company would make these changes at a time when there is more Mac malware than ever before. We’ve reached out to Apple for comment and will update with any response.


    You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day.
