Apple lowers Mac security bounty rewards in seeming shift to iPhone attacks


It has long been believed that Macs are more secure than Windows PCs. Whether this is true is up for debate, but it is a key marketing argument used by Apple. Apple’s latest macOS security move, however, is a bit concerning.
According to Csaba Fitzl, macOS security researcher at Iru (spotted by 9to5Mac), Apple has reduced the security bounties it offers for macOS. In a LinkedIn post (membership required), Fitzl states that “complete TCC (privacy) bypasses decreased from 30.5K to 5,000… Individual TCC categories also increased from 5 to 10,000 to 1,000” and that “macOS sandbox escapes also decreased from 10,000 to 5,000.”
According to Fitzl, the cuts send the wrong message to security researchers. “Few people search for vulnerabilities on the macOS platform anyway, and this move could reduce that even further.” Meanwhile, as security researcher Andrew Poole points out in a response to Fitzl’s post, Apple has increased bounties for iOS.
It’s unclear why Apple would make these cuts (Macworld has contacted Apple for comment). Several recent reports indicate that malware for macOS is on the rise, and other reports show that Mac market share has increased. It seems more vital than ever to maintain the security of macOS. If anything, Apple’s security ratings for macOS updates seem to get longer each time.
Apple continues to be a very successful company financially: the company posted record revenues in its most recent financial quarter, not to mention a double-digit increase in Mac sales. Money and Mac demand aren’t the problem, so the reasons seem to point to a shift toward macOS development. Whatever the reason, security researchers now have less incentive to work on Macs, which could cost Apple dearly in the long run.



