Apple Inc has awarded a group of ethical hackers – Samuel Erb, Sam Curry, Brett Buerhaus, Ben Sadeghipour, and Tanner Barnes – an amount of almost $300,000 for finding over 50 vulnerabilities in the Cupertino-based tech giant’s systems under its bug bounty program.
The five hackers spent around 90 days on the effort and found a total of 55 vulnerabilities, with 29 high severity, 11 critical severity, 13 medium severity, and 2 low severity reports, the Times of India reported.
To assess the severity of the flaws, the hackers used the Common Vulnerability Scoring System (CVSS) as well as their profound knowledge of how much business-related effect the flaws could have, WeLiveSecurity reported.
They found several vulnerabilities in core portions of the company’s infrastructure that would have allowed a miscreant to compromise both customer and employee applications as well as the company’s industrial control warehouse software, retrieve source code for internal projects, take over a victim’s iCloud account, or take over the sessions of Apple employees with the capability of accessing sensitive resources.
For its part, the US-based company quickly fixed the vulnerabilities.
“All of the vulnerabilities disclosed here have been fixed and re-tested. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours),” said the hackers in a blog post.
Last year, the company formally opened its bug bounty program to all security researchers for finding major flaws in its operating systems.