Apple has so far paid $288,000 to white-hat hackers who discovered 55 emails in the company's enterprise infrastructure. The team of five researchers, led by 20-year-old Sam Curry, probed Apple's network from July to October and found what they described as 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity vulnerabilities.
The researchers looked at a huge number of servers, as Curry wrote on a blog post describing the project: "They own the entire 18.104.22.168/8 IP range, which includes 25,000 web servers with 10,000 of them under apple.com, another 7,000 unique domains, and to top it all off, their own TLD (dot apple)."
Vulnerabilities found include authentication and authorization bypass, cross-site scripting, command injection, and exposed secret keys. According to the researchers, Apple promptly patched or remediated all discovered vulnerabilities.
Apple is still processing the discoveries through its bug-bounty program. If all are accepted, the payout to the researchers could total more than $500,000.
Read more here.