Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Apple Pays Bug Bounty to Enterprise Network ResearchersApple Pays Bug Bounty to Enterprise Network Researchers
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
1 Min Read
Apple has so far paid $288,000 to white-hat hackers who discovered 55 emails in the company's enterprise infrastructure. The team of five researchers, led by 20-year-old Sam Curry, probed Apple's network from July to October and found what they described as 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity vulnerabilities.
The researchers looked at a huge number of servers, as Curry wrote on a blog post describing the project: "They own the entire 17.0.0.0/8 IP range, which includes 25,000 web servers with 10,000 of them under apple.com, another 7,000 unique domains, and to top it all off, their own TLD (dot apple)."
Vulnerabilities found include authentication and authorization bypass, cross-site scripting, command injection, and exposed secret keys. According to the researchers, Apple promptly patched or remediated all discovered vulnerabilities.
Apple is still processing the discoveries through its bug-bounty program. If all are accepted, the payout to the researchers could total more than $500,000.
Read moreĀ here.
About the Author
You May Also Like
More Insights
Webinars
Securing the Remote Workforce
Feb 20, 2025Emerging Technologies and Their Impact on CISO Strategies
Feb 25, 2025How CISOs Navigate the Regulatory and Compliance Maze
Feb 26, 2025Where Does Outsourcing Make Sense for Your Organization?
Feb 27, 2025Shift Left: Integrating Security into the Software Development Lifecycle
Mar 5, 2025
_vska_Alamy_.jpg?width=700&auto=webp&quality=80&disable=upscale)