Here’s why Apple apologised to a security researcher

A security researcher by the name of illusionofchaos recently said that he had pointed out certain security flaws to Apple. In a blog post, the researcher said, “I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page.”
Apple has now responded to the matter. According to a report by Motherboard, an Apple employee responded and said, “We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you. We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”


The ‘buggy’ bug bounty program

The Cupertino-based tech giant has a bug bounty program in which researchers are rewarded for pointing out security flaws and vulnerabilities. A report by The Washington Post pointed out that security researchers are “fed up” with Apple’s program. The report quotes an iOS software engineer who claims to have submitted multiple bugs to Apple and never received a payment. Instead, the engineer said, he was kicked out of the Apple Developer Program.
Researchers also claimed that Apple takes longer to pay out than other tech companies. Microsoft, Google and Facebook, according to the researchers, not only pay more money but also run their programs better. Google in 2020 paid $6.7 million as part of its bug bounty program, whereas Microsoft paid $13.7 million. In comparison, Apple paid $3.7 million.
Apple’s head of Security Engineering and Architecture has given a statement on the bug bounty program. “The Apple Security Bounty program has been a runaway success,” said Ivan Krstić, head of Apple Security Engineering and Architecture. Apple has nearly doubled the amount it has paid in bug bounties this year compared to last, and it leads the industry in the average amount paid per bounty, he said.
“We are working hard to scale the program during its dramatic growth, and we will continue to offer top rewards to security researchers working with us side by side to protect our users and their data on more than a billion Apple devices around the world,” he added.
