Apple Pays Bug Bounty to Enterprise Network Researchers
So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.
Apple has so far paid $288,000 to white-hat hackers who discovered 55 emails in the company's enterprise infrastructure. The team of five researchers, led by 20-year-old Sam Curry, probed Apple's network from July to October and found what they described as 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity vulnerabilities.
The researchers looked at a huge number of servers, as Curry wrote on a blog post describing the project: "They own the entire 17.0.0.0/8 IP range, which includes 25,000 web servers with 10,000 of them under apple.com, another 7,000 unique domains, and to top it all off, their own TLD (dot apple)."
Vulnerabilities found include authentication and authorization bypass, cross-site scripting, command injection, and exposed secret keys. According to the researchers, Apple promptly patched or remediated all discovered vulnerabilities.
Apple is still processing the discoveries through its bug-bounty program. If all are accepted, the payout to the researchers could total more than $500,000.
Read more here.
About the Author
You May Also Like
Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024The Right Way to Use Artificial Intelligence and Machine Learning in Incident Response
Nov 20, 2024Safeguarding GitHub Data to Fuel Web Innovation
Nov 21, 2024The Unreasonable Effectiveness of Inside Out Attack Surface Management
Dec 4, 2024