Apple Dishes Out $288K Bounty To Five Hackers For Finding 55 Vulnerabilities

Apple Inc AAPL rewarded five hackers with more than $288,000 for finding vulnerabilities in its online services.

What Happened: The hackers found 55 vulnerabilities — 11 of which were of critical severity and 29 of high severity — in a period between July and October this year, according to a blog post written by Sam Curry, one of the five beneficiaries of the bounty.

A serious bug that the hackers found would have allowed for the creation of a tool that could steal data like photos, videos, and documents from a user’s iCloud account and then forward the exploit to the contacts of the victim to repeat the process.

Another serious flaw the security researchers found would have allowed an attacker to access the Cupertino, California-based company’s source code repository, which could have endangered hundreds of iOS and macOS applications.

Curry described the company’s vulnerability disclosure program as a “massive step in the right direction to working with hackers.”

Why It Matters: As of Oct. 8, Curry said he and the other hackers have received 32 payments totaling up to $288,500 but he said since Apple does payments in batches they will likely pay the group more in the following months.

All the vulnerabilities discovered by the hackers have been fixed and re-tested, as per the blog.

Apple’s original payment of $51,500 had led to some criticism from experts, according to Vice.

Dan Tentler, the founder of security company Phobos, told Vice that the amount was “incredibly low.”

“Imagine if any nation state threat actor discovered those [vulnerabilities]. Imagine how far-reaching the damage would be,” said Tentler.

Tech giants like Apple, Alphabet Inc GOOGL GOOG, and Microsoft Corporation MSFT have all suffered disruptions across multiple services in the recent past.

Price Action: Apple shares traded nearly 0.3% higher in the after-hours session at $115.27 after closing mostly unchanged.

Editor's note: A previous version of this article's headline contained a phrase that could be considered offensive to certain ethnicities. We deeply regret the unintentional error.