According to 9to5Mac, Kaspersky, a leading Russian cybersecurity firm, caused a stir when it revealed that Apple refused to pay a bug bounty for discovering a critical zero-day vulnerability in iOS. The vulnerability was part of a sophisticated espionage campaign called 'Operation Triangulation', which Kaspersky discovered last year.
Kaspersky says it proactively provided detailed information about the vulnerability to Apple and offered to donate the bounty to charity, but Apple refused without giving a specific explanation.
This zero-day vulnerability is part of a series of four vulnerabilities exploited in the Triangulation campaign, allowing attackers to compromise and take full control of affected iPhone devices.
Kaspersky even reverse-engineered one of the vulnerabilities in the attack chain, tracked as CVE-2023-38606. Security experts discovered that the iOS kernel was being used to execute arbitrary code and elevate user privileges. Kaspersky analyzed and reported one of these vulnerabilities, helping Apple issue an emergency security patch.
Under Apple’s bug bounty program, zero-day vulnerabilities can be rewarded with up to $1 million. However, Kaspersky’s location in Russia, a country under US sanctions, may be the reason Apple is unable to pay the reward.
Apple’s decision has sparked controversy in the cybersecurity community, with some experts suggesting that Apple should have taken a more flexible approach, such as donating the bounty to a charity on Kaspersky’s behalf, to avoid violating sanctions.
Source: https://thanhnien.vn/apple-bi-kaspersky-to-quyt-tien-thuong-185240610213514484.htm