October 25, 2020

The researcher submitted 55 vulnerabilities to Apple and get a $51,500 bonus

1 min read

Recently, a security research team received over 51,500 from Apple for submitting 55 vulnerabilities in the product to Apple. The security research team includes five people including Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes. They claim to have discovered these vulnerabilities in three months, and the vulnerabilities are more or less harmful.

US Air Force bug bounty

The security research team said: “During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”

At the same time, they also said that Apple responded quickly to the vulnerabilities they submitted, some of which took only four hours from submission to fix. It can be seen from it that Apple still pays more attention to security issues.

With Apple’s permission, the organization issued a detailed report to show some of the vulnerabilities in Apple products they found and gave out methods to find and exploit vulnerabilities. You can click here to view.