Researchers Get Big Bounties From Apple For Critical Vulnerabilities
A team of researchers has received hundreds of thousands of dollars in bug bounties from Apple for reporting 55 vulnerabilities, including ones that exposed source code, employee and customer apps, warehouse software, and iCloud accounts.
Researchers Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes decided in early July to take part in Apple's bug bounty program and attempt to find as many vulnerabilities as possible in the tech giant's systems and services.
To date, Apple has made 32 payments to the researchers totaling $288,500, but they expect to receive more for their findings in the coming months.
The researchers said in a blog post published this week that the vast majority of the vulnerabilities they reported to Apple have been patched.
They found a way to bypass authentication and authorization on the Apple Distinguished Educators website, which ultimately could have allowed an attacker to execute arbitrary commands on an Apple web server, access an internal user account management service, and access "the majority of Apple's internal network."