Apple recently paid a group of white hat hackers a total of $288,500 in 32 payments for discovering vulnerabilities in the company’s core system. Between July 6 and October 6, the team managed to find more than 50 security flaws that are extremely threatening to Apple users’ privacy.
As stated in IANSreport, the fact that the tech giant had awarded a 27-year-old Indian security researcher with $100,000 for discovering a vulnerability in the ‘Sign in with Apple account authentication’ now patched by the company, motivated the hackers group to attack Apple’s web assets.
“This was surprising to me as I previously understood that Apple’s bug bounty program only awarded security vulnerabilities affecting their physical products and did not payout for issues affecting their web assets” said Sam Curry, application security researcher, who was part of the hacker’s group consisting of Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, whom, together, managed to find a total of 55 security vulnerabilities, from which, 11 are critical, as they allowed him to take control Apple’s core infrastructure and from there steal private emails, iCloud data, and other private information, 29 are of high severity, and 13 are of medium severity.
Apple directly fixed the vulnerabilities after they were reported by Curry often within 4 to 6 hours of his initial advisory. The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them. Once Apple processes the remaining flaws, the total payout is said to surpass $500,000.
Curry then pointed out how dangerous these flaws were by mentioning in an online chat after posting a write-up titled We Hacked Apple for 3 Months: Here’s What We Found:”If the issues were used by an attacker, Apple would’ve faced massive information disclosure and integrity loss””For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend”, he added.