Thank you for your kind words. To respond: 1. I'm not a "he", I would prefer "they". 2. As I mentioned in another comment, I have not received word back yet on any reward.
I think their "Hall of Fame" (or at least whatever people colloquially refer to as that) is their credits for people who found bugs in their web servers, so I don't think that counts here. I did get credited, so I'm happy about that. Now I just have to wait and see if they determine it's worth a reward (and, if so, how much).
It is absolutely worthy of a reward, and it should be worth a few months of your time. This is a nasty security issue, and you showed a ton of restraint not losing patience with Apple.
Honestly, it's bullshit that you don't already know whether or not you're going to get a bounty.
I will definitely admit, it can be a bit of a pain point that Apple sometimes takes a lot of time to determine a bounty. I'm just waiting patiently now to see what they say. I appreciate your kind words and encouragement.
