Apple Pays Bug Bounty to Enterprise Network Researchers

So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.



Apple has so far paid $288,000 to white-hat hackers who discovered 55 emails in the company's enterprise infrastructure. The team of five researchers, led by 20-year-old Sam Curry, probed Apple's network from July to October and found what they described as 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity vulnerabilities.

Related Content:

Apple Signs Shlayer, Legitimizes Malware

2020 State of Cybersecurity Operations and Incident Response

New on The Edge: Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

The researchers looked at a huge number of servers, as Curry wrote on a blog post describing the project: "They own the entire 17.0.0.0/8 IP range, which includes 25,000 web servers with 10,000 of them under apple.com, another 7,000 unique domains, and to top it all off, their own TLD (dot apple)."

Vulnerabilities found include authentication and authorization bypass, cross-site scripting, command injection, and exposed secret keys. According to the researchers, Apple promptly patched or remediated all discovered vulnerabilities.

Apple is still processing the discoveries through its bug-bounty program. If all are accepted, the payout to the researchers could total more than $500,000.

Read more here.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service