Apple Inc (NASDAQ:AAPL) rewarded five hackers with more than $288,000 for finding vulnerabilities in its online services.
What Happened: The hackers found 55 vulnerabilities — 11 of which were of critical severity and 29 of high severity — in a period between July and October this year, according to a blog post written by Sam Curry, one of the five beneficiaries of the bounty.
A serious bug that the hackers found would have allowed for the creation of a tool that could steal data like photos, videos, and documents from a user’s iCloud account and then forward the exploit to the contacts of the victim to repeat the process.
Another serious flaw the security researchers found would have allowed an attacker to access the Cupertino, California-based company’s source code repository, which could have endangered hundreds of iOS and macOS applications.
Curry described the company’s vulnerability disclosure program as a “massive step in the right direction to working with hackers.”
Why It Matters: As of Oct. 8, Curry said he and the other hackers have received 32 payments totaling up to $288,500, but he said that since Apple makes payments in batches, it will likely pay the group more in the following months.
All the vulnerabilities discovered by the hackers have been fixed and re-tested, according to the blog post.
Apple’s original payment of $51,500 had led to some criticism from experts, according to Vice.
Dan Tentler, the founder of security company Phobos, told Vice that the amount was “incredibly low.”
“Imagine if any nation state threat actor discovered those [vulnerabilities]. Imagine how far-reaching the damage would be,” said Tentler.
Price Action: Apple shares traded nearly 0.3% higher in the after-hours session at $115.27 after closing mostly unchanged.