State of the Apple Security Bounty program

Posted on 2026-07-10 in blog

Introduction

I really meant to write a new post about a bug for you guys today, but while doing that I ended up discussing TCC and that led me on a tangent about the "recent" changes to the ASB. This is something I wanted to talk about for a while, but I've been busy and waiting for Apple to come out with some clarifications. That hasn't happened yet.

I will try to finish the writeup of utmpxpl (CVE-2026-20631) tomorrow, but I have to get this out of my system today. Think of this post as us working through some stuff together. Like group therapy, but less sad.

This post won't be a technical one, but it should be interesting to you if you do bug bounties. After all, we all know that it doesn't matter how cool your research is if the vendor is unwilling to pay a fair price for it. Since I get asked about bounty rewards and ASB requirements on a weekly basis, I figured this post will benefit people, especially newcomers.

In reality, I think I needed some time to really think deeply about the ASB, the changes, and the entire economy of the bug bounty landscape. It never hurts to think about these things, and in the process we hopefully arrive at a better understanding than we had before. Also, if I am blatantly wrong about something, do tell me about it. I'd really like to hear about your opinion and what your experience has been.

First, let's start with the latest update to the program.

Apple's 2025 October changes - bounty and scope reductions

As you might be aware, on October 2025 Apple made changes to the ASB program. This change managed to upset the community to an unprecedented degree and I think it's worth talking about. I will take the events as they happened, in chronological order. This captures the volatile sentiment and the emotional roller-coaster that we went through as a community. I think there's something to learn from that, and if not, it will probably be good entertainment.

Apple did communicate with us privately and said that they're working to address some of the issues the community has raised. However, that was 10 months ago, and a lot has happened since then. There is yet to be a new public statement from them, so big questions regarding the ASB are still up in the air. I will talk about all of that, and my predictions about what will happen.

To make things clear:

I'm not trying to use this post to put pressure on Apple.

I believe that they will do as they said, but I also know that it will take a long time. Generally they're slow to move, and to me that is business as usual, but it might come as a surprise to some. We'll talk about that as well.

This all started with an email.

Setting the mood - The email notice I never received

On the day of the update they sent out an email to the ~800 ASB participants. I never received anything. It sucked quite a bit to find out about this unexpected change by reading an upset tweet from another researcher at 3am.

Mind you, this is not about the email. The email problem is not a big one, and Apple even apologised for it later (they had a tool that failed). It happens, that's fine.

The cause of my upset was the content of the changes and my exposure to them. Nobody knew what the changes would mean long-term, and everybody lost their mind a little bit. Panic swept through the community and I knew I was not going to sleep well that week.

So what changed?

The good news:

They decided to implement Target Flags, which are essentially flags in the production OS that you can get, like you would on a CTF/wargame. We have suggested this numerous times 5 years ago, and they finally came around to it, which was nice. While this doesn't impact my research much, this is tremendously useful for people who do memory corruption research, especially in the kernel or on iOS. Now their findings can be trivially proven and they don't need to send in a full chain, which is very good. I'm happy about that.

Unfortunately that's about it for the good news.

The bad news:

The adjusted payouts and scope

For TCC, they reduced the full TCC bypass bounty by 83.6%, (30.5k -> 5k).

For Gatekeeper, the scope was reduced in a way that made no sense, now to be eligible a file had to be downloaded by Safari and have the quarantine bit. The rewards have been raised to 100k, but that hardly matters, since the scope change made most bugs ineligible.

For some perspective: all past GK bypasses would be ineligible under these new rules. New GK bypasses that result in no quarantine flag being placed on dropped files would still work just fine. Thus, this does not help to kill bugs that real-world attackers would use. To them the quarantine flag doesn't matter, all they care about is impact. If they can drop an unquarantined file and infect the customers that way, they will be happy to do it.

For the Application Sandbox category they reduced the Sandbox Escape (App SBX) payouts by 52.4%, (10.5k -> 5k).

To sum up:

  • TCC got nerfed 83.6%
  • GK scope got reduced to effectively nothing (but bounties increased)
  • App SBX got nerfed 52.4%

Bad news, across the board. It doesn't stop there, but before we delve into that, let's see what happens if you have a bunch of bugs reported already.

The rollout itself

Bugs that were reported before the next month (November 2025) will be evaluated using both the new and old rules and the highest one of these would win. If you had incomplete, unreported bugs that were impacted, you still had 3 weeks or so to finish up and submit them.

Regardless of the changes, the rollout was fair. At least we didn't have to worry about our existing bugs. I'm sure some of you will disagree, but I think it was reasonable.

As for the changes, that didn't go over so well.

Community uproar

The community was incredibly upset. Many saw this as Apple cutting costs and enshittifying the program, including me. This was understandable, as right around this time LLM fearmongering was really taking off and there were mass-layoffs happening across the industry. Companies seemed to be on a cost-cutting binge, openly threatening their employees' livelihoods with AI.

This was not a great time to announce sweeping cuts to the program. It hasn't helped that in the same blogpost Apple announced Memory Integrity Enforcement (MIE) with much fanfare and even more hubris. It was basically hailed as the end of memory-corruption bugs.

Needless to say, I did not have a fun time. While MIE itself didn't impact my work, I did feel that my career was in jeopardy. It seemed that if other researchers don't take my findings, an LLM will. If they don't, Apple will just rewrite the rules again to save some money. I wasn't the only one who thought that, by the way. While it's easy to see with a calm head, how that is a bit of an overreaction, that's how a lot of us felt at the time.

There was one more thing here. The cost-cutting angle that we envisioned made absolutely no sense. To see why, let's do some dumb, funny math.

Is this cost cutting?

At the time I joked on Twitter about Apple spending more money on coffee than the bug bounty program, but I realised that I never actually did the math. I just knew that it was obviously true. But now I wanted to make sure, so let's do the math for funsies.

First of all, Apple is massive. It's currently the 3rd largest company on Earth with a market cap of $4.56 trillion with $416 billion in revenue in 2025.

They have ~166k employees, 540 Apple Stores, and 43 offices.

There are 260 workdays in a year minus 11 federal holidays and 11 days off (I'm only considering the US), so we can use 238 real workdays a year.

If on average every Apple employee has 1 coffee per workday and the cost of a cup is ¢50, Apple will pay:

~$19.7 million dollars a year

Now, let's see how much they spend on the ASB. From the blogpost above we are told that Apple spent a total of 35 million dollars on the ASB since the public launch in 2020, or ~$6.36 million per year.

If we look at the pre-public ASB numbers from another blogpost from October 2022 we can see that between 2016 and late 2019 (when the program was invite-only) Apple paid out $20 million in 2.5 years, or $8 million per year.

Was this likely a cost cutting measure? I don't think so. The amount of money being spent on bug bounty payouts is negligible.

With that said, operating a bug bounty program is a lot more expensive than just the bounties. You have to hire staff, triage bugs, have infrastructure, deal with churn, etc... Not to mention all the costs skyrocketing due to the slop produced by LLMs. Currently, any unscrupulous asshat can send in as many AI-hallucinated slop reports as they want to. This is a huge problem with LLMs, and it is a widely-known one. It's so bad in fact, that some bug bounty programs closed down because of it. In Apple's case though, since they already require an exploit for triage, they're a lot less likely to be heavily impacted by this trend. Still it incurs an extra cost.

If we assume that the true cost of running the ASB is twice the sum of the bounties, it still wouldn't make sense for Apple to cut costs like this. They wouldn't be able to save enough money to justify the PR-hit. No cost-cutting measure is ever popular, and in the case of Apple the fallout would be particularly bad. They use security and privacy as key selling points every chance they get, so it would be a horrendously short-sighted decision to publicly cut funding to a program that helps make these happen. Customers would be upset, researchers would be upset and the press would be in the middle of it.

I'm sure money was a factor in the calculations, but I don't think it was a major one. I don't think the ASB is getting closed or it's funding cut. The doomer scenario is wrong.

Why was this so scary then?

Well, at the time I don't think any of us did that math. I think most of us knew that Apple wouldn't just turn their backs on the program, but ultimately nobody knew. Uncertainty makes you think crazy things and I had my own reasons to be anxious.

Now this is where my story will deviate from yours, but I can only give you my perspective. As you might or might not know I work as a full-time, self-employed security researcher and I only work on the ASB. Specifically, the majority of my focus is on macOS, and I look for logic bugs. This generally involves filesystems/file APIs, races, etc... I have been branching out to iOS, but it's hard. I also don't do memory corruptions, because I believe fighting with the mitigations is not worth it. I might be wrong, but stuff like MIE coming out does not make me want to change that.

Considering all of that, most people I know from the community are - unsurprisingly - fellow macOS researchers. The reason for that is twofold. For one, I tend to find people in the same niche as me, and they tend to find me. For the other, macOS is a lot more approachable platform, and is a much easier target then iOS. This is especially true if you are new to the whole Apple thing.

I know, because I was new not too long ago. I started this at the end of 2021. I knew close to nothing about macOS, and I don't think I ever had a single CVE to my name. If I did, I'm sure it was something unimportant. To me, macOS was an obvious and necessary stepping-stone to doing more hardcore research, the type of stuff that you will need to work on iOS.

I can say that with confidence, because Apple was gracious enough to award me an SRD every year for the past 3 years. I tried pivoting to iOS repeatedly, but I only ended up banging my head against the wall for months, without anything to show for it. For my particular niche, macOS is a much softer target, and I'm sure this is true for memory corruptions as well. Maybe even more so.

I told you all of that, so a) you can see where my head is at, and b) to know what kind of path a newcomer to this field would be likely to take. Now, the changes that Apple rolled out with this new, "revolutionary" update, not only managed to nerf 3 major bug-classes into oblivion. They did more than that. They also updated the Categories page on the ASB website, and now - to our collective surprise - macOS was not even in the table.

It was relegated to a completely separate section - almost like a footnote - and the only rewards in that section were the reduced rewards to TCC, App SBX and Gatekeeper. The things that just got nerfed to hell. There was no mention of LPEs. No mention of SIP bypasses. No mention of Gatekeeper bugs that relied on not having the quarantine flag.

Considering what I do day to day, that was terrifying and infuriating at the same time. I think macOS researchers were not considered at all when making this change and rolling it out. At the time it looked like the macOS portion of the program was being silently phased out, in a way that is exhaustingly common these days: Enshittify your product silently and gaslight everyone by pretending nothing happened.

It was a completely justified fear on our part that macOS will no longer be a part of the Apple Security Bounty program.

As a full-time macOS researcher, this was terrifying. I'm not saying that to gain sympathy, choosing to do what I do in this way was my choice and my choice alone. Apple doesn't need to consider my feelings or priorities when they decide to change the rules of their own program. I know that.

However. The way this was rolled out and the way we were left in the dark was an absolute masterclass in how not to communicate. It was 100% predictable that people won't take it well, but I don't think even Apple expected the magnitude of the backlash to be this severe.

Predictably, a gigantic shitstorm ensued. I'd like to tell you that I was a self-respecting adult and that I handled this as such, but I didn't. I did what most of us did and panicked immediately, assuming the worst. I'm not joking when I tell you that on the night of the announcement I was rage-scrolling linkedin, which - in my case - is a very bad sign.

Luckily, there are some actual adults among us who managed to keep their composure, while the rest of us went completely bananas. There were talks of boycotts, abandoning the program, dropping 0days publicly and even going to the media. We lost our collective minds a little bit.

I did the only thing that I could do in this situation: I reached out to Apple, trying my best to stay calm. They did respond in record time, which helped, but before we read their response let's dissect why this could have happened in the first place.

WTH happened?

I think there's one obvious reason why this blew up as much as it did:

We don't trust Apple, or any other corporation for that matter

I think everyone - not just hackers - are exhausted by the corporate enshittification of everything. The news is inundated with articles on how corporations squeeze the ever living shit out of all of us, and we're sick and tired of it. I think all of our collective trauma of being screwed over / lied to / gaslit / squeezed / laid off led to us developing a knee-jerk reaction that immediately makes us go from zero to a hundred whenever we even think about it happening again.

This might be just me, but I doubt it. Particularly us hackers have a really severe case of this, and it's obvious why. I'm simplifying - we're obviously not all the same -, but I think this is true on average: Most hackers are anti-establishment, defiant of authority and have a strong sense of what's right and what's wrong. We grew up with open-source. We saw all the slimy, digusting, should-be-illegal-but-isn't tactics of corporations. We have witnessed the lies, the lobbying, the land grabs. The attempts of governments and corporations to control and regulate our lives, particularly on the Internet. If we are old enough, we are nostalgic of a time when websites didn't have 15 popups that you had to click through. When collecting and selling people's data was an outrageous concept. When things were not a service, when you owned what you bought and when businesses had to be accountable to their customers...

Anyway. I think you get my point. There is mistrust.

The announcement was made in a way that managed to push all the wrong buttons. It would have gone a long way if they told us that the page was still being worked on, and that we should reach out if we have questions. This would have pretty much solved everything.

But that's not what Apple does, that's now who they are. Their image is clean perfection. It's the beauty, it's the fact that it "Just works". But please, Apple, consider who you're talking to. We are the people who break your stuff. We've peeked behind the curtain. We know what's under the paint, we've seen the dark corners. It's fine. It's fine if something is not done yet or if it's incomplete. We truly couldn't care less, we know how reality works.

Most importantly, for the future:

Tell us about things that affect us and about the things that what we need to know.

While I like to put the blame on Apple exclusively, I would be dishonest if I said that I wasn't at fault. I absolutely was. I shouldn't have panicked as much as I did. I talked to some people from Apple, and they're great. The company did award me with an SRD and I got a ton of bounties over the years. We've been doing this together for 6 years, and there's friction and miscommunication, but at the end we could always smooth it over. Sure, sometimes we had disagreements, and there were cases when I felt like I was wronged, but ultimately that's not how it goes 90% of the time.

I got swept up in the collective panic, and I shouldn't have let myself do that. I should have known better.

It's fine though, it's over. But it's worth remembering for the next time when something like this happens.

My opinion on the reward and scope reductions

I'm only going to talk about macOS here.

Application Sandbox Escapes

These used to go for $10.5k or so, which got reduced to $5k. Considering how difficult these are to find from a sandboxed position, I thought that searching for these was not worthwhile before the reduction. Maybe I'm wrong about this - I likely am -, but in my experience the difficulty of finding and exploiting these was really not in-line with the payouts.

If you can successfully get out of an App sandbox, the amount of attack surface that opens up is tremendous. I always thought that the pricing was unfair because of that. It is true that a user has to have an app installed for an attacker to even be in this situation, but I still think this should be a boundary that is considered more important and thus rewarded a higher bounty. I maintain that opinion, especially now.

Verdict: App SBX bugs are really undervalued

Gatekeeper bypasses

Since I haven't done any GK stuff, I can't meaningfully comment on this. I read the available public writeups, and two things were immediately clear: there's not a lot of research into GK. The research that does exist exclusively relies on dropping a file on a user's computer that does not have the quarantine flag.

Now Apple says in order to be eligible for a GK bounty, you have to have used Safari to download a file, and you have to have the quarantine flag on it. This is completely wrong. If an attacker can bypass GK in any possible way (excluding social engineering), a bounty should be awarded. Why? Because the entire point of a bug bounty program is to make the lives of bad guys harder. If we start introducing financial disincentivisation and artificially restricted scopes, we will end up in a security-theater. The metrics will look good, there will be no new CVEs, but the users will still be owned left and right.

Actual attackers do not care about the rules of your bug bounty program. This is in contrast to your consumers, who will care about their secure and private operating system acting like swiss cheese.

Verdict: Undecided / Not worth it

Please note that I'm not an expert in GK, so I don't know how much the restrictions matter. My intuition suggest that it matters a lot, as Apple has repeatedly hardened the only eligible attack surface. If you can still find a bug in here then you will be paid well.

TCC bypasses

Now, this particular bug class I can speak on. I have reported quite a few full TCC bypass bugs (I don't look for partial ones). I had a few waiting to be fixed already when the announcement came out. Just by sheer luck I was quite tired of TCC at this point, so I stopped looking for it. Since I had nothing else in the pipeline, the changes did not impact my work in the short term.

On the long-term, however, this was alarming. TCC bypasses were a fairly easy and approachable bug class, that paid well. I knew many researchers that were looking for them, just because they were lucrative. I did recommend them to newcomers, as I myself have published a ton of information on how to find and exploit them, as did many others. Even after Apple took steps to cut down the attack surface tremendously - by introducing Launch Constraints - , I still managed to find TCC bypass bugs, sometimes even by accident.

With this class of bugs effectively gone, researchers would have to work that much harder for the same amount of bounties. Since there is no clear way to go from FDA (Full Disk Access, effectively being TCC exempt) position to root, you are stuck with the $5k amount if you choose to report. Unless of course you know something I don't, in which case I am open to a collab.

Is the TCC pricing fair?

Here are the original TCC payouts compared to the new ones:

  • full TCC bypass: $30.5k -> $5k
  • partial bypass: $5k -> $1k

Partial TCC bypasses

Let's talk about the partial bypasses first. These were sort-of accurate, with the major exception of the $5k mininum payout. That was ludicrous. You could get $5k for finding a single low-impact PII leak - like an email address - in the logs. These were definitely priced incorrectly, and I think the current $1k payout is a lot more accurate.

For the better bugs in the category, the ones that can leak contents out of an entire TCC silo (like all Photos, or all Documents), the current $1k payout is way too low.

Verdict: Only worth it if you can find trivial leaks, en masse

Full TCC bypasses

What about the Full TCC bypasses?

This might upset some of you, but I always thought that this class was slightly overpriced. I never bought into the whole "rootless" thing, and it made no sense to me why a full TCC bypass would pay 35% more than an LPE to root.

Before Launch Constraints came out, I had days when I found two of these in a single day. I found myself thinking that this was too easy, and it was. Apple came out with Launch Constraints after a while, and that cut down the attack surface very significantly. I found myself getting stuck more and more, and I pivoted to other bug classes. Others didn't. People routinely made a joke out of TCC, most recently Zhongquan Li at offensivecon, here's the writeup.

I'm not saying that the present pricing is correct - it's not -, but personally I think it would have been fair to reduce full TCC bypasses to the level of LPEs, at around ~22.5k.

My rationale for that is this: root gets you a larger attack surface and more privileges, and TCC gets you access to the user's most interesting private data. As far as I know there's no way to go from one to the other. I might be wrong, in which case my DMs are open.

To further my point, consider the fact that a root to SIP bypass - which is also a full TCC bypass - is $20.5k. That's more than 4x as much as the new maximum TCC payout, but you are starting from code execution as root. Sure, being SIP exempt allows you much more than being TCC-exempt: You can alter system files that even root can't touch. This allows you to persist your malware on the machine in a way that requires a reboot to recovery mode to remove. But you are starting from a very privileged position.

So, even though full TCC bypasses were slightly overpriced, I wouldn't have reduced these payouts by that much. The current reward amounts make these worthless.

Verdict: Absolutely not

I will have some more thoughts and speculation about this in the later sections.

Apple's response

So, Apple did write me back after a day saying that they will discuss this matter internally. The day after that I got a response.

Now, I won't go through everything that we were told. I don't want to cause problems or get anyone in trouble. What was good about all of this is that this turned into an actual discussion. That is a very rare thing when Apple is considered. From what I can tell, they were open to our suggestions.

Frankly, I don't think anyone at Apple expected this amount of backlash, and it seemed to me that they were trying to do right by us.

The evolution of the program

From their email it was clear that they wanted to shift focus away from TCC, and to push researchers into other areas using these incentives. For example, iOS payouts have significantly increased, which to me makes very little difference, but not to them. One of Apple's biggest problem on iOS is mercenary spyware. That really hurts customers, and it hurts the company's reputation as well. They obviously want as many eyeballs on iOS as possible, which makes sense. In that light it makes sense that macOS was an afterthought, but that didn't soften the blow to people like me.

Apple also told us that they will periodically re-balance the rewards to match the ITW attacks they're seeing. I'm okay with that, as long as the changes are reasonable, and it matches reality.

What I would not be okay with is articifial reward and scope reductions to disincentivise legitimate research via financial means.

Now, why would they do this? Well, we've been told that they're constantly working on large-scale mitigations (obviously), and that their experience has been that researchers like us don't know how difficult that is. That's not entirely incorrect. I have talked to researchers who say things like "they should just fix it", while at the same time not realizing how hard a developer's job really is.

As a developer myself, I understand how difficult doing that must be like. Not only do you have to ship your code to 2.5 billion devices, you have to make sure: there are no regressions, performance is okay, user experience is fine, the change is testable (dare I say documented), etc... and you need to do all of that while you likely have other things going on. Oh yeah, and all of this is to be done by a given dealine, while you are potentially waiting for others.

So yeah. I get it, but I'm sure some of us don't. Maybe this post will help them understand a little better. In any case, Apple's working on large-scale mitigations, and that's actually good. Not for us, but for the security posture of their products. This was expected, as it's their job.

With that said, it still seemed to me that they used financial disincentives to steer people away from TCC. Now why would they do that?

Tinfoil hat time

My (completely unsubstantiated) theory was this:

They knew at the time of the announcement that TCC bugs don't matter.

How could that be? Well, either Apple is evil or stupid and wants to invite all the bad press that it can, or they made a decision based on information that was only available to them. Neither would surprise me, but I heavily lean towards option #2.

Imagine this: You are receiving a ton of reports for a subsystem that you are currently in the process of removing. Would you want to pay these out? Of course not.

Now, Apple is not removing TCC - I don't think -, but they are definitely doing something: I think they're fixing it.

If we assume that Apple is in the process of rolling out a fix to eliminate TCC bugs, why would they keep paying bounties for it? Sure, the correct thing would be to keep the bounties as they are and disincentivise researchers via technical means, but if that takes too long they will have to still keep paying for bugs that will not matter and endure the ongoing humiliation ritual of researchers making a joke out of TCC. And we know for a fact that a change like that takes a loooong time.

If there will be a systemic fix for these issues in the near future, nobody can be too mad. Sure, maybe this was the incorrect thing to do, but then again, Apple already knew that the fix will ship. Then there's absolutely no point in paying for bugs that they know for a fact will be killed by the update. This also has the very convenient side effect of cutting the financial and reputational damage.

If people stop researching TCC, there will be less blogposts, less bounties pay, and when the dust settles Apple will have mitigations already rolled out. So by the time of the next release, none of this temporary shenanigans will matter, and people will move on.

A solid plan, but there's two problems with it:

1) there will be swift, immediate backlash and the accusation that Apple killed the category because they were unable to fix it

2) how will bugs be rewarded once the mitigation comes out?

My theory is that they severely underestimated #1, and that #2 doesn't matter at all. Regarding the reward amounts, we know that Apple can increase them whenever they want to, and that will always be a popular thing to do. If they ever need to funnel more interest back into TCC they can do so at any time, and we will collectively thank them for it.

I told Apple my theory, but - predictably - they didn't react. Then the Golden Gate beta came out in June 2026.

Can you guess what was in it?

macOS 27 - Golden Gate beta

It turns out that I was right, in a way. After installing the macOS 27 beta, Csaba noticed that the user's TCC db moved from ~/Library/Application Support/com.apple.TCC/ to /private/var/containers/Data/ProtectedSystem/[UUID]/Data/Library/Application Support/com.apple.TCC/.

That location can't even be read as root, not even if you have Full Disk Access (FDA). You definitely can't write it, for that you need the com.apple.private.security.protected-system-container entitlement.

Hah. I called it.

This means that the attack surface for TCC bypass bugs just got cut significantly. It will remain to be seen how effective that is, but I surely won't spend time on it while the bounty is this low.

Also, it was about damn time. The fact that giving FDA to a process resulted in that process being able to modify the user's TCC.db was not a great design choice. Apple already made efforts to close loopholes in the system, for example they changed Finder in a way that it would deny file copy requests into this directory, but that was clearly a band-aid, this one is a proper fix.

Even though this will make our lives more difficult, I'm happy about it. It means that our work makes a difference. We did this. Well, Apple did, but we made them do it, so yay us.

Now the question that remains is this:

Will Apple raise the TCC bounty rewards after Golden Gate comes out?

I guess we'll have to wait and see.

The future of macOS bounties

Regarding LPEs, SIP bypasses and other macOS bugs Apple did confirm that they will not be touching the rewards on those. They seemingly realized that not including these on the category page has resulted in a lot of confusion.

They said they'll work on making these clearer on the website.

To me this was the big one, macOS is here to stay and the bounties of other bugs won't be touched for now. I'm not going to completely drop my guard, but that is some good news.

In another email they confirmed that they stopped using their new scoring system for all macOS bugs that are not TCC or Gatekeeper bugs, due to these transparency issues. That's good, but I'm not sure what the new scoring system was supposed to be, and that makes me a little uneasy.

Again, nothing else for us to do, but wait.

Apple's transparency promises

Apple told us that they are working on fixing the transparency issues regarding macOS bounties. This would be great. We have been complaining about that for quite some time, and I know for a fact that this lack of transparency sows mistrust. This is especially the case for newcomers who would like to participate in the program, but are too afraid that their findings will go unpaid. These are the people who ask me about payments, submission criteria, etc... all the time. It would be amazing to have some clear-cut rules and categories, at least as detailed as iOS, but preferably even a little bit more detailed.

I genuinely think that Apple wants this information to be public - why wouldn't they? - , but as I said, it's not exactly easy to do that in a company this secretive, not to mention this large. They have to be extremely careful with what they say publicly, which I completely understand.

Hopefully this happens soon.

Career advice for the apocalypse

I can already hear some of you saying:

These changes still suck, stop being such an Apple-ogist*!

[*: sorry]

Okay, I hear you. You're mad, and you have every right to be. Well, maybe not, but in any case: I did feel like that, and sometimes I still do.

Let's see what options we have.

Option #1: We do what Apple wants us to do

Since Apple confirmed that other macOS bug classes remain unchanged (for now), we can just stay working in the ASB and pivot to other bug classes. Coincidentally I was already doing this when the changes came out, and it turned out okay. I have found a bunch of LPEs, some SIP bypasses and I even started working on iOS a lot. No concrete big findings there yet, but I am getting close. It's also ~9 months later, so I have the benefit of hindsight.

As for you, you can probably do the same (minus the iOS part). root LPEs and SIP bypasses are not that different from TCC bypasses, but you do have to adjust your approach a bit. All in all that's not too big of a change though, and it's really not a big deal.

If you feel particularly adventurous and are familiar with iOS, you might try poking at that, but for a beginner that's not something I would recommend, especially if you don't have an SRD and have to struggle with jailbreaks.

You can also pivot to the web part of the ASB, or even look into RCE vectors, memory corruptions or whatever you can think of. The program - thankfully - is pretty extensive, so there's room to pivot to.

I think pivoting to other bug classes is your best bet (for now).

Option #2: We abandon the program entirely

That is your prerogative. In this case you either have to find another bug bounty program or something else. Let's see.

The whitehat way

Staying in bug bounties

Let's see bug bounties first: going with another program

As far as I know, there's no viable competitor to the ASB:

  • Microsoft doesn't have a meaningful bug bounty program (everything is basically out of scope).
  • Google has raised their payouts substantially, but it's pretty much Android or the Linux kernel

Nobody else has meaningful bug bounties that are similar to macOS, but Google seems interesting.

Mind you: I did very little research on this while writing this post, I might be wrong.

If you are open to pivoting completely, you can try your luck with Android, Blockchain stuff or even going the web security route. I saw people do some of these. You could do pwn2own, or directly submit to ZDI. Blockchain and pivoting to Android would incur a huge cost in time and effort, just to get started. pwn2own is great to make a name for yourself, but trying to do that full time is unviable in my opinion. The same goes for ZDI, last time I checked they did not pay well, and don't even get me started on hackerone and bugcrowd. The amount of horror stories shared by people in those programs are enough for me to not even consider them seriously. Not that I would be able (or willing) to do web security if I tried, but still.

So, basically everything else either would not work at all or would require a(n extremely) significant time investment just to get started.

Depending on what experience you have, and who you are this might be viable for you. For me, it isn't.

I would not really recommend this, unless you want to learn something new anyway

Getting a regular job

Alternatively, you could just get a regular job at a company that could use your talents. I know a bunch of defensive companies who are hiring, (hit me up if you want me to connect you). It's likely not going to be 100% vulnerability research (sometimes not even close), but you'd still stay busy and wouldn't need to pivot to another tech stack. If you're lucky, you might even be able to strike a deal with the company that allows you to do bug bounty on the side.

This is legitimately the second best option

Dream big

If you are a dreamer, boy do I have an option for you. Just go and work at Apple. If you are tolerant of corporate shenanigans, or if you are young and don't mind grinding for a few years, this is definitely the option for you. Mind you, I could have said Google, Microsoft, etc... but most obviously you'd have a good chance at Apple, since they already know who you are. I also know people who did this, and they love it.

If you are young and hungry this would definitely make you not have to look for a job ever again, but even to me that sounds a bit like boomer-speak. I'm not sure how out of touch I am, but I believe getting hired at one of these companies would still open a lot of doors for you in the future.

The problem, of course is getting hired in the first place. Not a lot of people make it through the 5-10 interview gauntlet, but those who do are set for life. More power to them.

As for me, this is not an option.

Still, a solid choice like the other one above. Let's call it a tie for second place.

I also rank this as second-best in a tie with regular jobs

The greyhat way

If you have a solid track record of impactful 0days, you'd have no problem finding a job at an offensive security company, and boy they would love to have you on board. I know a bunch of these, and they're hiring constantly.

This is great, because you don't need to pivot to a new tech stack, but it has the downside of you not being able to talk about your findings. Also, it's likely a job where people will tell you what to do. Depending on who you are and what you want, this might be for you.

I personally would want to avoid this as I like to talk about my findings and I have distrust about who they're really selling to. However, not everyone is as concerned about that as I am, and if you're not, then this is not a bad way to go. Frankly, working on catching criminal scumbags and developing 0days that help with that would not be something that I could categorically say no to. As a bonus, you could hone your vuln research skills and work with smart people on a daily basis, which is compelling, especially if you want to develop your skills quickly.

For now, I'll pass, but:

I think this is the third best option

The blackhat way

This is something that I know the least about, so I am not quite sure how this would go. I suppose working at a place like this would not be terribly different to working at a greyhat company, unless of course you work for the government in which case we start to enter proper spy territory.

From all the options, this is the one that carries the most serious consequences in my opinion. Not only doing this is categorically illegal in most places, it's the type of thing that will put you on no-fly lists and get you arrested at international airports. This is not for the faint of heart, because it's very likely that your colleagues (aka co-conspirators) would throw you under the bus to save themselves if there's a problem, so that's that.

You can decide if you want to take that risk, but in my opinion it's not worth it. Working for your local government is the least bad of these, but if you just want to sell to the highest bidder, you will encounter some shady people. It's up to you if you want to deal with all of this, but know what you're getting into. Needless to say, you shouldn't do this if you like to travel internationally.

I rank this as dead last, it's not something I'd recommend

Option #3: We start a rally / unionize / go to the media.

I don't think these options are feasible, or reasonable. While the changes are bad, it's nowhere near game-over, so I pass.

Option #4: Going nuclear

Full Disclosure might seem like the way to go in these situations, however Apple's stance on that is crystal clear. I had them confirm this.

The punishment for dropping 0days

This is in the guildeines page, and I quote:

"Publicly disclosing security issues before a fix is available makes you ineligible for all Apple Security Bounty rewards." (emphasis mine)

If you publish a yet to be patched vulnerability (not necessarily a 0day, just a bug they haven't fixed yet):

Apple will ban you for life from the ASB

This also means that you would lose all of your currently submitted bugs.

If you happened to have an SRD, that will obviously be taken as well.

I think this is unreasonably harsh.

Consider the following situations:

If Apple decides they won't pay for a bug class in the future and you publish? - You are banned for life

If Apple is unwilling to fix a bug for years and you publish? - You are banned for life

You publish about a bug that is not even recognised as a security issue, but it turns out that it is? - You are banned for life

Granted, I don't really think the last one would happen, but who knows? The rules allow for it.

Also, it's worth considering that Apple would probably sue you on top of all of this, just for good measure. I don't think the lawyers would be cool with you dropping exploits publicly.

Now, this is quite a good deterrent from Apple against researchers who are already in their system. The more bugs they currently have in progress the more their financial exposure is. It's an interesting example of a golden handcuff, but it does have two glaring problems. If someone really wanted to be vengeful, they could just a) post anonymously and b) sell it on the black market. Sure, both of these are illegal and might have lawyers coming after them, but it might not be trivial for Apple to find out that this happened.

I think with that, our nuclear options are exhausted. I'd advise you not to seriously consider these, but I'm not your mom. Unnecessarily introducing bad blood into your relationships does not lead to them being very productive, professional or otherwise.

As for me, I am doing my best to try to get used to my handcuffs. It's not completely unreasonable, but it is unfair and I reserve the right to complain about it.

With that, we're out of options, or at least the ones that I could think of. There's one more interesting facet to this whole situation that I wanted to talk about. Last one, I promise.

Weird incentives

Devalued exploits

A funny side effect of the presented changes was this: An attacker can now buy an App Sandbox Escape for $5k and a Full TCC bypass for another $5k, and for the low-low price of $10k they have effectively disabled all meaningful mitigations that are meant to protect user data.

Now I'm not trying to give anyone any ideas, but for a malware vendor this would make a lot of sense. In contrast, with the old bounty pricing the same trick would have set them back $41k ($30.5k + 10.5k), which is more than 4x the cost. I'm unfamiliar with malware operations and their economy but that to me sounds plausible. Maybe I'm wrong, and they don't care at all.

In any case, this lead me to the following realization.

Involuntary bug bounty programs

A company the size of Apple will always have a bug bounty program, even if it's run by someone else.

Due to the sheer number of users, Apple software will always be a target. Somebody will always be interested in buying exploits, and there will be people willing to sell. I know a few who did sell, and I know a lot more who didn't. Like a lot of other things, there's a market for bugs. If we look at it like that, there's two possible situations that can be true regarding the new changes:

1) These bugs actually just don't worth as much, in which case Apple's move is correct

2) These bugs do worth more than Apple is willing to pay, in which case Apple is driving legitimate research(ers) to the black market.

I don't have a problem with the first, but the second one is alarming. It also doesn't help the situation that Apple requires sort-of weaponised exploits and real impact to be demonstrated. All participants had to develop these skills, whether they wanted to or not. Now every participant should be pretty adept at producing reliable exploits.

With the recent attempt to push researchers into other areas of the ASB, I think it's extremely important to consider that there are other participants on the market. It might not be trivial to figure out what their goals and incentives are.

Do I think that this will result in researchers leaving the ASB to do blackhat work? I don't think so. I certainly hope not. But then again, I'm basing my assumptions on my background, my thinking, my values. This calculation might be completely different for others, and I think that's also an important thing to keep in mind.

Closing thoughts (finally)

Sorry for rambling this much. I never intended for this post to be this long (or to even exist), but I had to work it out. I hope this was insightful to you if you are in the ASB, or you plan to start working on it.

I also hope that Apple doesn't get too mad about this, because that is not the point. The point was to inform. Then again, I am just one dude with a very specific set of priorities, skills and biases, so your milage will vary, a lot.

On that note, if you think I am wrong, please do not hesitate to reach out. I want to start a discussion, but more importantly - and selfishly - I want to improve my own understanding of what's happening.

Thanks for listening.