Bug Bounty program: Apple paid $300,000 to ‘hackers’, here’s why

0

Cupertino-based tech giant Apple has awarded a group of ethical hackers an amount of almost $300,000 (approximately Rs 22 lakhs). This was done as a response for finding 55 vulnerabilities in the company’s systems.
The group consists of five hackers — Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes — who spent three months doing this and found a total of 55 vulnerabilities with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports.
“During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources,” said the hackers in a blog post.
The iPhone maker on its part also quickly fixed the vulnerabilities. “All of the vulnerabilities disclosed here have been fixed and re-tested. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours,” added the blog.
Talking about the bug bounty program by Apple the hackers said, “Since no-one really knew much about their bug bounty program, we were pretty much going into unchartered territory with such a large time investment. Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities.”

For the latest tech news and updates, Install TechCodex App, and follow us on Google News,  Facebook, and Twitter. Also, if you like our efforts, consider sharing this story with your friends, this will encourage us to bring more exciting updates for you.

Source

Get real time updates directly on you device, subscribe now.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More