{"id":37585,"date":"2020-10-09T23:19:56","date_gmt":"2020-10-09T23:19:56","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/"},"modified":"2020-10-09T23:19:56","modified_gmt":"2020-10-09T23:19:56","slug":"five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/","title":{"rendered":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#8217;s web apps, IT infrastructure"},"content":{"rendered":"<p>A team of vulnerability spotters have netted themselves a six-figure payout from Apple after discovering dozens security holes in the Cupertino giant&#8217;s computer systems, some of which could have been exploited to steal iOS source code, and more.<\/p>\n<p>Brett Buerhaus, Ben Sadeghipour, Samuel Erb, Tanner Barnes, and Sam Curry <a target=\"_blank\" href=\"https:\/\/samcurry.net\/hacking-apple\/\" rel=\"noopener noreferrer\">this week said<\/a> that of the 55 bugs they uncovered, 11 were rated as critical, 29 were high-severity, 13 were medium, and two were considered low risk.<\/p>\n<p>We&#8217;re told it took them about three months to discover the flaws in Apple&#8217;s IT infrastructure, and having privately reported their findings to the iGiant, they bagged bug-bounty rewards totaling $288,500 or more \u2013 Curry told us the money is still rolling in from Cupertino \u2013 which works out to an average of $19,233 each per month. The final split will be on the basis of individual bugs found, though it will be close to even.<\/p>\n<p>&#8220;We&#8217;re splitting everything up based on contribution to each bug,&#8221; Curry told us. &#8220;We&#8217;ve kept track of who has spent time on what, and split everything that way. So far it&#8217;s close to even because everyone has contributed very similar amounts.&#8221;<\/p>\n<blockquote class=\"pullquote\" readability=\"5\">\n<p>We&#8217;re splitting everything up based on contribution to each bug<\/p>\n<\/blockquote>\n<p>It&#8217;s understood Apple is still working to address some of the reported bugs; the &#8220;vast majority&#8221; of the flaws have been solved, though. As such, only a few of the security blunders have been documented publicly by the team.<\/p>\n<p>Curry said the group decided to target Apple&#8217;s public-facing networks in July, a few weeks after seeing the story of <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/06\/01\/flaw_apple_sso\/\" rel=\"noopener noreferrer\">Bhavuk Jain<\/a>, who earned $100,000 for finding a bug in Apple&#8217;s customer sign-in system.<\/p>\n<p>This prompted them to case Apple&#8217;s outward-facing IT infrastructure and its websites. They collected details on some 25,000 web servers and 7,000 domains within Apple&#8217;s huge 17.0.0.0\/8 IPv4 address range. The team decided to focus on that IPv4 block, which included icloud.com and 10,000 apple.com servers, as those services seemed to have the most potential.<\/p>\n<p>The crew enumerated, by brute force, the directories on those web servers, which uncovered information that led them to 22 VPN servers vulnerable to Cisco&#8217;s <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-3452\">CVE-2020-3452<\/a> <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2020\/08\/31\/in_brief_security\/\" rel=\"noopener noreferrer\">file-leaking bug<\/a>, and a flaw that exposed Spotify access tokens within error messages. That Cisco bug could be exploited to log in as a user and impersonate them on the network.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2020\/04\/07\/shutterstock_wfh.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"young intern works from home\"><\/p>\n<h2 title=\"We asked hundreds of IT decision makers where their priorities lie \u2013 here are the results\">50%+ of our office seats are going remote, say majority of surveyed <i>Register<\/i> readers. Hi security, bye on-prem<\/h2>\n<p><a href=\"https:\/\/www.theregister.com\/2020\/08\/20\/new_normal_reader_research\/\"><span>MORE SECURITY<\/span><\/a><\/div>\n<p>&#8220;The information obtained by these processes were useful in understanding how authorization\/authentication worked across Apple, what customer\/employee applications existed, what integration\/development tools were used, and various observable behaviors like web servers consuming certain cookies or redirecting to certain applications,&#8221; explained Curry.<\/p>\n<p>&#8220;After all of the scans were completed and we felt we had a general understanding of the Apple infrastructure, we began targeting individual web servers that felt instinctively more likely to be vulnerable than others.&#8221;<\/p>\n<p>At that point, it was a matter of hammering away at the various web applications they found. Among the more interesting findings was a cross-site scripting flaw <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/samcurry.net\/hacking-apple\/#vuln7\">in the iTunes Banner Builder<\/a> that could be exploited to steal the secret EC2 and IAM keys for some AWS-hosted Apple servers.<\/p>\n<p>The team also demonstrated a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/samcurry.net\/hacking-apple\/#vuln1\">brute-force takeover<\/a> of the Apple Distinguished Educators portal using an exposed default password that let anyone who knew an admin account name to seize control of the underlying Jive application.<\/p>\n<p>Apple&#8217;s iOS source code could have potentially been accessed from its Maven repository via a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/samcurry.net\/hacking-apple\/#vuln5\">server side request forgery<\/a> vulnerability in iCloud. Curry said the flaw could also be exploited to delve deeper into Apple&#8217;s internal network. That infrastructure was also accessible via a <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/samcurry.net\/hacking-apple\/#vuln6\">REST error leak<\/a> that granted access to Apple&#8217;s Nova debug panel.<\/p>\n<p>Not surprisingly, Apple was rather open to hearing about and fixing the flaws. Curry said the security team was rather easy to deal with. That tends to happen when you find dozens of flaws in a company&#8217;s internal services.<\/p>\n<p>&#8220;Overall, Apple was very responsive to our reports,&#8221; he noted. &#8220;The turn around for our more critical reports was only four hours between time of submission and time of remediation.&#8221; \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2020\/10\/09\/apple_bug_bounty_vulnerabilities\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unpatched Cisco VPN servers, access to the iOS source code, AWS secret keys \u2013 this is weapons grade &#8216;oof&#8217; A team of vulnerability spotters have netted themselves a six-figure payout from Apple after discovering dozens security holes in the Cupertino giant&#8217;s computer systems, some of which could have been exploited to steal iOS source code, and more.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":37586,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-37585","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#039;s web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#039;s web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-10-09T23:19:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#8217;s web apps, IT infrastructure\",\"datePublished\":\"2020-10-09T23:19:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/\"},\"wordCount\":719,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/\",\"name\":\"Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg\",\"datePublished\":\"2020-10-09T23:19:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/10\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#8217;s web apps, IT infrastructure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/","og_locale":"en_US","og_type":"article","og_title":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-10-09T23:19:56+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#8217;s web apps, IT infrastructure","datePublished":"2020-10-09T23:19:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/"},"wordCount":719,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/","url":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/","name":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple's web apps, IT infrastructure 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg","datePublished":"2020-10-09T23:19:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/10\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/five-bag-300000-in-bug-bounties-after-finding-55-security-holes-in-apples-web-apps-it-infrastructure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Five bag $300,000 in bug bounties after finding 55 security holes in Apple&#8217;s web apps, IT infrastructure"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37585","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=37585"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/37585\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/37586"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=37585"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=37585"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=37585"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}