Apple has awarded $288,500 to a group of five hackers for discovering 55 defects in its platform. Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes spent about three months hacking into the company’s system to discover security vulnerabilities.
During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.
All the reported flaws varied in severity: 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity. Some of these vulnerabilities were resolved in just few hours, while some remediated within 1-2 business days. As of Thursday, October 8, the group had received 32 payments from Apple totaling $288,500 for various vulnerabilities reported.
Since no-one really knew much about their bug bounty program, we were pretty much going into unchartered territory with such a large time investment. Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities.
Since last year, Apple has been actively investing in its bug bounty program, which offers up to one million dollars per vulnerability depending on the severity of the issue. You can read the comprehensive post on Sam Curry’s blog.
Apple now lets you transfer iCloud photos to Google Photos
Australia finally approves ECG feature on Apple Watch
Apple orders ‘Roar,’ a series starring Nicole Kidman and Alison Brie
Google releases update for Gmail iOS app after three months
All 270 Apple retail stores in the United States are now open
World’s largest Bitcoin provider BitPay adds support for Apple Pay
YouTube won’t be supporting its app on the third-generation Apple TV
Qualcomm debuts world’s first 10 Gigabit 5G Modem
Apple releases macOS Big Sur 11.2.1, fixes MacBook Pro charging issue and security vulnerability
Apple TV Plus acquires rights to ‘Dolly,’ a movie starring Florence Pugh
Events1 week ago
Apple announces a live premiere event for Billie Eilish documentary
News6 days ago
Apple rolls out macOS Big Sur 11.2.2 to prevent damage from third-party hubs and docks
Apps & Software1 week ago
Netflix to add ‘Downloads For You’ soon on iOS devices
News5 days ago
Apple asks developers to return DTK Mac Minis by March 31 to get $500 credit