...in “Operation Triangulation” – 9to5Mac

TL;DR


• Apple refused to pay a bounty to Kaspersky for discovering a vulnerability in its "Operation Triangulation" security feature. Kaspersky reported the vulnerability to Apple, but the company declined to pay the bounty, stating that the issue was not a security vulnerability. This decision has sparked criticism from the cybersecurity community, who argue that Apple should have acknowledged and rewarded Kaspersky's discovery.

• The vulnerability discovered by Kaspersky researchers could have allowed attackers to bypass Apple's "Operation Triangulation" security feature, which is designed to protect user privacy by obfuscating the location of Apple devices. Kaspersky's researchers found a way to circumvent this feature, potentially exposing users to location-based threats. Despite the potential security implications, Apple dismissed the issue as not being a vulnerability.

• The incident has raised concerns about Apple's approach to security research and bug bounty programs. Cybersecurity experts argue that companies should be more receptive to and appreciative of researchers who identify and report vulnerabilities, as this can help improve the overall security of their products. The refusal to pay a bounty to Kaspersky has been seen as a missed opportunity to collaborate with the security community and strengthen Apple's security posture.

Like summarized versions? Support us on Patreon!