Reza Sabuncu and his friend Ertugrul, who worked as a Backend Developer at Masomo, each discovered a different vulnerability in different Apple systems through their own efforts. Reza and Ertugrul, who reported the bugs they found to the tech giant, were rewarded with $2,500 and $5,000 respectively.
Technology companies run reward-based "bug bounty" programs (called "bug hunt" in Turkish) to quickly fix vulnerabilities in their services, which consist of millions of lines of code. Programmers who are interested in cybersecurity or system vulnerabilities report the vulnerabilities they find to these giant companies. Recently, software developers in Turkey have been doing important work in bug bounty programs.
Not long ago, just last May, Reza found a vulnerability at Apple and was rewarded with $7,500 at the end of the process; about 1 month before that, he found another vulnerability at Apple. When we reached him, he noted that the vulnerability was "on a cloud service where Apple's address formatting configs (settings files) are necessary for development and where user names and passwords are stored."
He then sent billions of HTTP requests to thousands of Apple's subdomains over 15 days and tested them. Reza, who reported the situation in detail to Apple, noted that the vulnerability was fixed in about 3 hours. Normally, Apple takes months to review a report, reach out to the discoverer, work together if necessary, and disclose the reward, but in Reza's case the entire process took 1 month. This shows how critical the vulnerability he found was for Apple.
Another bounty hunter, Reza's 18-year-old friend Ertugrul, found a vulnerability on a domain of Apple's iTunes service. Ertugrul, who stated that he discovered the vulnerability in about 1 hour on June 3 and that even Apple IDs could be affected as a result, then reported the details to Apple with video evidence within 1.5 hours. Apple partially fixed the vulnerability within the first 24 hours so that users would not be affected; then, with regular updates, the problem was completely eliminated on August 13.
Reza Sabuncu, who won a $7,500 prize from Apple after a 3-month process in May, was awarded $2,500 for the latest vulnerability he discovered. Ertugrul was awarded US $5,000. Both programmers accepted the award.
Ertugrul, who reached a result on the first day he decided to look for vulnerabilities at Apple, in one of his first tests, was showered with congratulatory messages on social media throughout 2020. Apple's bug bounty program is a topic of interest to programmers in many parts of the world. If you are also a programmer and are interested in this topic, you can find details of the program on Apple's official page.