In a recent chain of events, tech firm Apple has given a group of ethical hackers around $300,000, which is over Rs 2 crores.
The award was given because the hackers helped the company find 55 vulnerabilities in its core systems. The group of five hackers, Ben Sadeghipour, Sam Curry, Samuel Erb, Tanner Barnes and Brett Buerhaus, spent around three months getting into the company’s protected system and finding vulnerabilities that could be used to hack the company’s internal system.
The hackers identified a total of 55 vulnerabilities, of which 11 were rated critical. Of the remaining, 29 were rated high severity, 13 medium severity and 2 low severity.
In a blog post, the hackers noted that when they engaged with the company’s software, they found a variety of vulnerabilities in core portions of Apple’s infrastructure. These vulnerabilities, according to the hackers, would have allowed an attacker to compromise customer and employee applications completely. Further, had the flaws gone unnoticed, an attacker would have been able to launch a worm capable of automatically taking over a victim’s iCloud account. From it, the source code for internal Apple projects could be retrieved. “Attackers could fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources,” read a statement in the blog post.
After the vulnerabilities were pointed out, the company fixed all the problems and retested them within two days. The hackers further said that no one really knew about the bounty program other than those involved. “Apple has had an interesting history working with security researchers, but it appears that their vulnerability disclosure program is a massive step in the right direction to working with hackers in securing assets and allowing those interested to find and report vulnerabilities,” the post read.