Five hackers researched and analyzed several Apple online services for three months and found a grand total of 55 vulnerabilities, some of them potentially very dangerous, according to a blog post written by one of the hackers.
For Katie Moussouris, perhaps the world's foremost expert in bug bounties, the payments may be fair.
"The skills required to find web based vulnerabilities are more commonly found than for mobile or iOS hacking," Moussouris told Motherboard. "Apple would logically reserve higher payouts for hacking its core OS than for hacking its websites. That being said, there’s no question they were willing to pay for the iCloud data compromise and other findings."
"The real question is: could Apple have paid the same amount to professional penetration testers, given them documentation instead of wasting their time doing black box recon, and found the same or more in far less time," Moussouris concluded.
Do you research and hack on Apple products? Do you work at Apple? We'd love to hear from you. Using a non-work phone or computer, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at email@example.com, or email firstname.lastname@example.org.