Google Alleges Apple Employee Discovered Security Flaw But Failed To Notify Company
An Apple employee discovered a zero-day vulnerability, and Google is unlikely to be happy about how it was handled. Rather than reporting the issue so the company could address it, the employee held on to it, which has caused dissatisfaction at Google. Although the vulnerability does not pose a significant security risk, Google is displeased with the manner in which it was informed.
According to Virraport’s official comment, Google was unaware of a zero-day security issue that went unpatched, putting millions of users at risk.
The interesting part is how Google came to know about the problem and who reported it. The company claims that an unnamed person reported the issue, which was originally discovered by an Apple employee who took part in a Capture The Flag hacking event in March of this year.
“This issue was reported by an internal CTF team at HXP and was discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022,” a Google employee said. Such cases are not uncommon, but what is really fascinating is that an Apple employee chose not to report the problem.
According to reports, the employee got caught up in other work and, since the problem wasn’t really threatening, decided to wait and notify Google eventually. By that time, the company had already received a bug report from another person. According to the bug report information, the issue was fixed on March 29, and Google awarded $10,000 (roughly Rs. 8 lakh) to the person who actually shared the bug, not the Apple employee who discovered it in the first place.
Zero-day threats have become a common sight, which is a worrying sign for the likes of Apple, Google and Microsoft, among others. Addressing these vulnerabilities requires continued support from hacker groups so that a fix can be delivered to consumers before the flaws cause significant market impact.