Express Computer
Home  »  News  »  Apple awards $2,88,500 to hackers who spot 55 bugs in its systems

Apple awards $2,88,500 to hackers who spot 55 bugs in its systems

0 200

A group of hackers has received 32 payments from Apple totaling $2,88,500 for discovering 55 vulnerabilities (11 critical) in the core systems as they hacked the tech giant for three months.

The critical bugs allowed the group to take control of core Apple infrastructure and “from there steal private emails, iCloud data, and other private information”.

Apple promptly fixed the vulnerabilities. There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity and 2 low severity reports.

According to the web application security researcher Sam Curry who was part of the group, once Apple processes the remainder, the total payout might surpass $500,000.

As of October 6, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as four-six hours).

The hackers targeted Apple’s web assets after reading about 27-year-old Indian security researcher Bhavuk Jain who recently won $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched Zero Day vulnerability in the Sign in with Apple account authentication.

“This was surprising to me as I previously understood that Apple’s bug bounty programme only awarded security vulnerabilities affecting their physical products and did not payout for issues affecting their web assets,” Curry said.

Between July 6-October 6, Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes worked together and hacked the company.

“If the issues were used by an attacker, Apple would’ve faced massive information disclosure and integrity loss,” Curry said.

“For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend”.

Apple has been actively investing in its bug bounty programme and security researchers can receive up to one million dollars per vulnerability depending on the nature and severity of the security flaw.

“As of now, October 8th, we have received 32 payments totaling $288,500 for various vulnerabilities,” Curry said.

“However, it appears that Apple does payments in batches and will likely pay for more of the issues in the following months”.

Curry said that Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure programme is “a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities”.

–IANS

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image