Apple’s Refusal to Pay Security Bounty to Kaspersky Raises Concerns

Kaspersky, a well-known cybersecurity firm, gained attention last year for uncovering an attack chain involving four iOS zero-day vulnerabilities as part of ‘Operation Triangulation’. Although Kaspersky reported one of the vulnerabilities to Apple, the tech giant has refused to pay the security bounty for the firm’s contribution.

Big tech companies like Apple often use security bounty programs to incentivize researchers and hackers to identify and report vulnerabilities. However, Apple’s decision not to reward Kaspersky for their discovery has sparked controversy within the security community.

Dmitry Galov, head of the Russian research center at Kaspersky Lab, expressed disappointment over Apple’s refusal to compensate the firm for their findings. He even suggested donating the bounty to charity, a common practice among research firms. Apple’s rejection of this proposal has left many puzzled, especially considering the extent of the information provided by Kaspersky.

In 2023, Kaspersky uncovered a sophisticated spying campaign known as Operation Triangulation, which exploited four zero-day vulnerabilities to execute a zero-click exploit on iPhones. The firm’s research lab reverse-engineered one of the vulnerabilities, leading to the discovery of a critical flaw in the iOS kernel. Apple promptly released security patches in response to Kaspersky’s findings.

The reward for identifying such vulnerabilities through Apple’s Security Bounty Program can reach up to $1 million, highlighting the importance of incentivizing researchers to report zero-day exploits. However, Apple’s decision not to compensate Kaspersky has raised speculation, with some attributing it to geopolitical factors and sanctions on Russia.

As the situation unfolds, it remains unclear why Apple chose not to acknowledge Kaspersky’s contribution and uphold its commitment to cybersecurity. The controversy underscores the complexities of security research and the ethical considerations surrounding bug bounty programs.

Biography: Dmitry Galov

Dmitry Galov is the head of the Russian research center at Kaspersky Lab, a prominent cybersecurity firm. With a background in cybersecurity research, Galov has been instrumental in identifying and analyzing complex security threats, including zero-day vulnerabilities. His work has contributed to enhancing digital security measures and protecting users from cyber attacks. Galov continues to be a respected figure in the cybersecurity community, advocating for transparency and collaboration in addressing emerging threats.