by TheLoafOfBread on 5/14/2024, 10:59:12 AM
by jjgreen on 5/14/2024, 8:45:24 AM
You can still get some reward for it on the dark web, surely.
by netshade on 5/14/2024, 12:33:40 PM
Not a great look when many responses are "if the provider won't protect people, then the researcher should contemplate hurting people".
by SOLAR_FIELDS on 5/14/2024, 9:53:35 AM
Is this normal? I’m only ancillary to security stuff like this but without details of the exploit it’s hard to say whether or not this is scandalous. It’s possible Apple made a mistake here, but is that a more likely scenario than the vuln just not being exploitable enough to warrant a bounty?
by tolmasky on 5/14/2024, 3:46:17 PM
I think this is actually the security researcher's fault. If you read the small print, this kernel bug doesn't meet the Bug Bounty Qualification Criteria of being on an OS that Apple actually gives a shit about.
by iwontberude on 5/14/2024, 1:59:07 PM
More generally, bug bounties are not a significant industry for getting people paid, Hacker1 is Uber/Lyft for hackers. Maybe in some markets bug bounties are actually valuable relative to the prices of things, but in America it’s basically impossible to pay people what they are worth to find bugs.
by mdhb on 5/14/2024, 11:45:34 AM
This kind of shit makes all of their customers less safe.
When people realise this is what they can expect from Apple they will just sell these exploits to intelligence agencies instead for who knows what purpose.
So congratulations, Apple, on fucking over not just this person but your entire customer base for years to come. Morons.
by citizen_friend on 5/14/2024, 1:11:28 PM
So are we going to take this Twitter post at face value? Anyone have more info?
No idea why Apple is being greedy here. They have enough money and there are going to be buyers out there, who are going to have other intentions, which could become much more expensive for Apple. Save a cent to lose a dollar kind of situation.