Security researcher quips maybe it's time to get 'a real job' after being paid meagre $1,000 bug bounty by Apple

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

0

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the PC Gamer Newsletter

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Every Friday

GamesRadar+

Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.

Signup +

Every Thursday

GTA 6 O'clock

Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.

Signup +

Every Friday

Knowledge

From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.

Signup +

Every Thursday

The Setup

Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.

Signup +

Every Wednesday

Switch 2 Spotlight

Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.

Signup +

Every Saturday

The Watchlist

Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.

Signup +

Once a month

SFX

Get sneak previews, exclusive competitions and details of special events each month!

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

We have a lot to thank security researchers for. Between uncovering yet more vulnerabilities in Google Chrome, and exposing an embarrassing data leak in a popular sex toy app (no, really), these white hat hackers tend to make our digital existence safer in the long run. Surely some compensation from the multi-million dollar corporations caught in a virtually compromising position is the least these techies could ask for?

Security researcher Renwa recently found a number of high severity vulnerabilities affecting Apple's Safari browser and Sequoia OS. This included an absolute doozy that could've allowed bad actors to bypass Same Origin Policy in a UXSS (Universal Cross-site Scripting) style attack. Despite this vulnerability being so severe it enjoyed the dubious honour of a 9.8 (critical) CVSS score, Renwa say they were only paid $1,000 for reporting the issue to Apple.

Apple gave credit where credit is due with regards to their security update for Safari 18.4, crediting Renwa for finding a number of issues and explaining they've since addressed CVE-2025-30466 specifically through "improved state management."

However, the reward feels like a small sum for spotting an issue that could've exposed an untold number of Apple users to hackers, especially when you consider the fact $1,000 doesn't even cover rent in a number of US cities. In their post on X, Renwa quips, "I should quit this bug bounty thing and get a real job."

Rent anxiety aside, $1,000 is especially low considering Apple has placed a bounty of up to $1 million for the finding of other flaws, such as vulnerabilities within its Private Cloud Compute servers. So, it's hardly the case that Apple is stingy overall. Then there's the fact Google recently awarded $1,000 to security researchers uncovering a number of medium and low severity Chrome vulnerabilities, with some even netting upwards of $2,000 for these relatively less critical issues. With this in mind, it's especially baffling that a vulnerability rated as high as 9.8 would be deemed such low value by Apple.

Speaking of, let's take a tour through some of the bug bounties offered by various other major players. For instance back in 2021, Valve awarded one white hat hacker $7,500 for reporting a Steam Wallet infinite funds flaw. Almost a decade earlier the same company had paid another security researcher $20,000 for highlighting an exploit that allowed hackers to generate all the Steam keys they could ever want.

And it's not just Valve with a track record of putting its money where its mouth is: Back in 2022, Rockstar awarded $10,000 to a GTA Online player that helped fix the game's slow loads. And then last year, Riot announced an especially beefy bounty for anyone who could find holes in Valorant's Vanguard anticheat (though admittedly this was intended more as a show of confidence in their own tech than paying security researchers what they're worth).

But Renwa isn't the only one getting undercut as of late. Remember the Lovense leak I mentioned up top? The core issue was reported and partially fixed multiple times over the years, but security researcher @Krissy was only paid $350 when they discovered the issue back in September 2023. According to BobDaHacker, their group of security researchers then saw $3,000 in total for reporting the same core issue years later.

Considering that all it takes to spell disaster for businesses both big and small is one correctly guessed password or a particularly nasty ransomware attack, I for one think it wouldn't hurt to more consistently pay security researchers what they're worth.

Best gaming PC 2025

👉Check out our full guide👈

1. Best overall:
HP Omen 35L

2. Best budget:
Lenovo Legion Tower 5i

3. Best compact:
Velocity Micro Raptor ES40

4. Alienware:
Alienware Aurora

5. Best mini PC:
Minisforum AtomMan G7 PT