Cybersecurity

Apple Rejects Kaspersky’s Bug Bounty Amid Spying Controversy 

  • Reading time: 2 min
Apple refused to pay a bug bounty to Kaspersky Lab, following the disclosure of zero-day vulnerabilities in iPhone software. 

Apple refused to pay a bug bounty to Kaspersky Lab, following the disclosure of zero-day vulnerabilities in iPhone software. 

As per the cybersecurity firm these vulnerabilities were used with the aim to spy on Kaspersky employees, as well as Russian diplomats. 

A spokesperson from Kaspersky Lab told Recorded Future News that the team behind these findings are qualified for Apple’s Bug Bounty Program. Nevertheless, the tech giant declined such request, taking as reference its policy and did not respond to requests for comment as well. 

What Are Big Bounties? 

Big bounties are a common practice where companies give researchers who find vulnerabilities that could put them at risk. These kinds of rewards are a way to encourage researchers to report vulnerabilities instead of selling them to malicious actors. 

Previously, Kaspersky has also unveiled a similar spying campaign dubbed Operation Triangulation. This campaign aimed at targeting several dozens of iPhones used by Apple’s employees, including both top and middle management. 

The cybersecurity company described this campaign as “an extremely complex, professionally targeted cyberattack.” While researchers added that it was “definitely the most sophisticated attack chain we have ever seen,” highlighting its sophistication and the specific targeting of the attackers, which suggested it was state sponsored. 

Apple and US Cahoot 

At the same time the information was revealed, Russia’s Federal Security Service (FSB) accused both the U.S and Apple of collaborating to spy on Russian diplomats. Meanwhile, Russia’s computer security agency for its part claimed that breach indicators for both campaigns on Kaspersky and Russian diplomats were at the same level. 

The suspected collaboration focused on a vulnerability identified as Common Vulnerabilities and Exposures CVE -2023-38606, which affected a rare hardware feature that wasn’t used by any iOS firmware; thus, Kaspersky suggested it was meant for debugging or testing purposes. 

In this regard, a spokesperson for Apple stated: ““We have never worked with any government to insert a backdoor into any Apple product and never will.” 

The refusal of Apple to pay the bug bounty comes amid the growing tensions between Russia and the U.S due to the invasion of Ukraine. The tech giant has also suspended product sales in Russia, removed state-controlled media apps from its App Store, and limited services like Apple Pay. 

Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Intelligent Tech sections to stay informed and up-to-date with our daily articles.

Tags: