This article is about how I found a vulnerability on Apple forgot password endpoint that allowed me to takeover an iCloud account. The vulnerability is completely patched by Apple security team and it no longer works. Apple Security Team rewarded me $18,000 USD as a part of their bounty program but I refused to receive […]
I really liked how the story was told by Laxman. This is well written. Also, based on the story, what a shit move from Apple for giving incentives for unethical hacking by not compensating properly.
Not compensating properly is exactly how Apple will end up with zero-days sold to blackhats or companies like Greyshift or Cellebrite instead of reported to them.
It’s not like Apple doesn’t have the money for it. If they genuinely care about the security of their system, that wouldn’t be an issue.
deleted by creator