Bug Hunter Flags Major Apple Flaw, Earns $1,000 Reward

Quick Summary

• Apple operates a Security Bounty Program to reward researchers who find software vulnerabilities, wiht payouts reaching up to $2 million.
• Researcher RenwaX23 identified a critical Universal Cross-Site Scripting (UXSS) vulnerability in Safari that allowed access to iCloud and the iOS Camera app.
• The vulnerability, classified as CVE-2025-30466, had a severity score of 9.8/10 and was patched in Safari 18.4 via updates in March 2025 for iOS/iPadOS 18.4 and macOS 15.4.
• Despite it’s critical nature, Apple awarded only $1,000 for the discovery.
• Responses online suggest Apple’s payout decisions are influenced by factors such as user interaction required to trigger exploits.
• other researchers have alleged arbitrary or inconsistent compensation from Apple despite clear vulnerability classifications.

!Apple Security Research
Image: Apple

indian opinion Analysis

The incident underscores important aspects of cybersecurity policies across global technology companies like Apple and their potential impact on India’s rapidly growing tech ecosystem. India’s burgeoning cyber research community often engages with international vulnerability bounty programs due to lucrative rewards; however,inconsistent payouts could disincentivize participation among talented security researchers.india is strategically positioned as both a major consumer market for devices like Apple’s and an emerging provider of technological expertise capable of addressing vulnerabilities in critical systems globally-including Safari or iCloud accessed on millions of Indian devices daily. Ensuring fair recognition for contributions by security researchers may drive further innovation while bolstering cybersecurity resilience overall.

Transparency around payout criteria could influence ethical hacking culture worldwide-including within India-by encouraging responsible disclosure practices rather than enabling exploitation risks due to insufficient incentives.

Read More