471
Apple refused to pay bounty to Kaspersky for uncovering vulnerability in 'Operation Triangulation' - 9to5Mac (9to5mac.com)
submitted 1 year ago by AnActOfCreation@programming.dev to c/technology@lemmy.world
20 comments fedilink hide all child comments
  • Kaspersky uncovered iOS vulnerabilities in 'Operation Triangulation', reported to Apple, but was refused bounty payment
  • Apple's Security Bounty Program offers rewards up to $1 million for discovering vulnerabilities to prevent them from being sold on the dark web
  • Apple's refusal to pay Kaspersky could be due to restrictions on financial transactions with companies in sanctioned countries like Russia.
you are viewing a single comment's thread
view the rest of the comments
[-] cbarrick@lemmy.world 247 points 1 year ago

Apple Security Bounty awards may not be paid to you if you are in any U.S. embargoed countries or on the U.S. Treasury Department’s list of Specially Designated Nationals, the U.S. Department of Commerce Denied Person’s List or Entity List, or any other restricted party lists.

Kaspersky can whine all they want. Russia is embargoed. They're not getting their money.

Kaspersky is a good company doing good work in the cyber security space. Unfortunately, because of the embargo, they may have to turn to the black market to sell future exploits. Or maybe not; I'm not totally sure what kind of ethical standards they have.

[-] Bell@lemmy.world 65 points 1 year ago

Yeah sorry guys, did you forget you work for an asshole?

[-] alcoholicorn@lemmy.ml 88 points 1 year ago

Apple could have tried to work with them and said something like "We'll pay when the embargo ends", since now Kapersky has every reason to sell their next apple exploit on the black market.

They've just turned a department of people successfully working to make apple more secure into a department of people working to make it less secure.

[-] mindlight@lemm.ee 64 points 1 year ago

Apple could have tried to work with them and said something like "We'll pay when the embargo ends"

.....aaaaand that would most likely be trying to circumvent the sanctions by essentially receiving credit from Kaspersky on delivered services.

Not saying the situation is optional, but the sanctions would be extremely toothless if it was that easy to circumvent.

[-] ours@lemmy.world 26 points 1 year ago

How is holding the money until (and if) the sanctions are lifted, "circumventing"?

However unlikely it would be, if the sanctions are lifted (maybe Russia gets a new, sane Government, calls off its invasion, stops its international shenanigans), wouldn't it be OK to pay this company then?

[-] mindlight@lemm.ee 15 points 1 year ago

In many cases it's doing business and not just the payment!/compansation that the sanctions is about.

[-] Fizz@lemmy.nz 35 points 1 year ago

It would be very very bad for world if the folks at Kaspersky turned to black hat activity

[-] MigratingtoLemmy@lemmy.world 2 points 1 year ago

I wish they opensource their framework

[-] awesome_lowlander@lemmy.dbzer0.com 2 points 1 year ago

Kaspersky also has a bunch of US-based subsidiaries or partners they're selling their software through. Or Apple could have just escrowed their reward until the embargo was over.

[-] etchinghillside@reddthat.com 1 points 1 year ago

Who/what are on those other lists.

this post was submitted on 10 Jun 2024
471 points (100.0% liked)

Technology

73567 readers
4012 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws