Google Claims Apple Employee Found A Security Vulnerability But Did Not Report It – News18

Google is unlikely to be pleased with one of Apple’s employees who found a zero-day vulnerability but did not report the issue so that the company could work on a fix for it. The vulnerability found by the employee doesn’t carry a huge security threat but Google is not pleased with how it got to know about the issue.

As per the official comment in the bug report, Google didn’t know that it was unaware of a zero-day security issue, which did not have a fix, putting millions of users at risk.

Now the interesting thing is how Google found out about the problem and who reported the issue. The company claims an unnamed person reported the issue, which was originally discovered by the Apple employee who was part of the Capture The Flag hacking event in March this year.

“This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022,” as mentioned by the Google employee. Incidents like these are not uncommon but what is really intriguing is that the Apple employee decided against reporting the issue.

Reports suggest the person was caught up with other work and since the issue was not really threatening, he decided to wait it out and eventually report to Google, by which time, the company had already got the bug report from another person. As per the bug report data, the issue was fixed on March 29 and Google awarded $10,000 (Rs 8 lakh approx) to the person who actually shared the bug, not the Apple employee who found it in the first place.

Zero-day threats have become a common sight, which is a worrying sign for the likes of Apple, Google and Microsoft among others. These vulnerabilities need constant support from the hacker groups, so that a fix can be issued to the consumers before causing any major impact in the market.