I Got Paid $1,000 by Apple Because My Macbook Exploded in Silence

It didn’t actually explode. It imploded quietly, like dignity in a bad Zoom call.

Here’s what happened:

I AirDropped a video from my iPhone 14 Pro to my shiny M4 MacBook Pro (macOS 15.5).

Video went through. Seamless. Magical.

And then—boom, but digital: sharingd faceplanted into a segmentation fault.

Not just a polite little “oops.” No. Full-on EXC_BAD_ACCESS (SIGSEGV) like it was trying to retain an object that didn’t exist anymore. Zombie pointer shit. In the beating heart of Apple’s Continuity stack.

You don’t notice this stuff because launchd is like that shady fixer in every mob movie—hiding the bodies before you know a crime happened. Your AirDrop “just works” while sharingd resurrects in the background like a drunk necromancer.

The Bug That Paid for My Next Whiskey

I pulled the crash log.

Saw objc_retain in the stack trace like a ghost reaching for bones:

Thread 4 Crashed:: Dispatch queue: com.apple.network.connections
0   libobjc.A.dylib     objc_retain + 16
1   Network             invocation function for block in nw_protocol_finalize_temp_frame_array + 28
2   Network             nw_protocol_instance_tear_down_path_inner + 192

Translation for normal humans: Apple’s networking stack tried to keep something alive after killing it.

Classic use-after-free. Race condition in libnetcore.

This wasn’t just a one-night stand bug either. Repro was 90% reliable if you hit that 1–2 second post-transfer cleanup window.

What I Did Next

I didn’t shrug.

I went full forensic mode:

• Packet captures

• Timing windows

• Log streams that looked like a horror novel for engineers

Then I wrote a PoC that could trigger the crash repeatedly using normal AirDrop transfers—no kernel poking, no weird privileges. Just your everyday Apple fairy dust breaking under stress.

Apple Paid Me

Submitted to the Apple Security Bounty program. Waited.

They tagged it as CVE-2025-43202 in libnetcore.

Payout? $1,000.

Not life-changing. But validating. Because this was infrastructure-level, not some random app bug. And yeah, the fix is in macOS 15.6 and iOS 18.6.

The Part Nobody Talks About

The bounty isn’t the whole point.

The point is this:

We live in this illusion that seamless = stable. It’s not. Every smooth AirDrop hides a pile of async race conditions juggling memory like flaming chainsaws.

Apple fixed this one. But the whole industry? It’s still a magic trick built on crash loops and duct tape.

For The Curious (a.k.a. My People)

Want the juicy bits?

• Bug Class: Use-after-free (objc_retain on deallocated object)

• Impact: sharingd crash → brief DoS for AirDrop & Continuity features

• Root Cause: Race condition during nw_protocol_finalize_temp_frame_array in libnetcore

• Trigger: Post-transfer cleanup phase after AirDrop

• CVE: CVE-2025-43202

• OS: macOS 15.5, iOS 18.5 paired device

Why Am I Writing This?

Because too many blogs about bounties read like sterile lab reports. Screw that.

This is not just a bug. This is a glitch in Apple’s seamless dream.

I found the fracture point.

They paid me to close it.

And now I’m telling you because the truth is beautiful and brittle.

Like every abstraction we worship.

Like the idea that any of this will ever “just work.”