Apple recently awarded a group of ethical hackers a total of $2,88,500 (in 32 payments) for uncovering security flaws in the company’s core system.
The hackers spent three months looking for security bugs in the company’s system, during which they spotted a total of 55 security vulnerabilities.
As reported by IANS, all the security vulnerabilities (11 critical, 29 high severity, and 13 medium severity) that were discovered by the group of ethical hackers have been fixed by Apple. These security bugs allowed the hackers to get access to Apple’s core infrastructure, which could have allowed them to steal the company’s confidential data.
These security vulnerabilities were patched within 1-2 business days of their discovery, and some were even corrected within 4-6 hours.
The report states that the primary motivation for the hacker group to attack Apple’s web assets was the fact that the tech giant had awarded 27-year-old Indian security researcher Bhavuk Jain $100,000 (over Rs 75.5 lakh). Jain had discovered a zero-day vulnerability in the ‘Sign in with Apple account authentication’, which has now been patched by the company.
“This was surprising to me as I previously understood that Apple’s bug bounty program only awarded security vulnerabilities affecting their physical products and did not pay out for issues affecting their web assets,” said Sam Curry, an application security researcher who was part of the hackers’ group.
Curry was joined by Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, who together hacked Apple systems between July 6 and October 6. Curry further added that if the company’s core system had instead been hacked by a threat actor, it could have led to a ‘massive information’ leak as well as reputational loss.
“For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend,” said Curry. Apple made the payments to the group in batches and will be paying more of the remaining amount in the coming months.
In other cybersecurity news, Check Point, a cybersecurity firm, recently revealed in its research that India is the second-most targeted country for ransomware across the globe.
The country most affected by cyberattacks across the world is America. The research states that a 50% surge in the daily average of ransomware attacks was observed globally in the last three months, reports IANS.