2 comments

[ 3.7 ms ] story [ 14.7 ms ] thread
This is such a great hack and a great write up. Thanks for posting it.

Shocked at how little Apple paid for it. I’m a CTO at a tiny company and we pay security researchers 10% of what you got for things 100x less severe than what you found.

thank you! always want to make this kind of this more accessible – especially since its so interesting.

I can only say the grey market becomes more enticing every time.

I personally feel like pure web bugs like this just generally get paid less (on the bounty market only) due to a strange kind of prejudice– people expect the big-ticket bugs to be binary or cryptography, and tend to dismiss XSS, even when the impact is extremely high, as in this bug.