Digital Forensics Dispatch

Apple Pays $288,000 for Vulnerabilities Found by Hackers

October 13, 2020

A team of white-hat hackers, led by Sam Curry, discovered a total of 55 vulnerabilities within Apple’s corporate network, reports Dan Goodin of Arstechnica. Curry, a security researcher who specializes in website security, discovered 55 vulnerabilities, of which 11 were deemed critical as they allowed him to take control of core Apple infrastructure and access private information such as emails and iCloud data. The discovered vulnerabilities were fixed quickly after they were reported to Apple.

Curry discovered the vulnerabilities over a three-month period. “The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them” Goodin writes. It is even possible that the total payout, once all the vulnerabilities have been processed, could be more than twice what has currently been paid to security researchers.

Curry states “[if] the issues were used by an attacker, Apple would’ve faced massive information disclosure and integrity loss.” In current times, there seem to be data breaches weekly, if not daily that are being revealed by companies large and small. Curry and his team performed the hacking under Apple’s bug-bounty program. Apple issued a statement which states “[based] on our logs, the researchers were the first to discover the vulnerabilities so we feel confident no user data was misused.” Of the 55 vulnerabilities reported, 11 were critical, 29 high, 13 medium, and 2 low. Additional information about the various vulnerabilities can be found on Curry’s Blog.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics