Independent companies often conduct analyses to identify gaps in other companies’ systems and report them in exchange for rewards. This recently occurred with Kaspersky finding a critical flaw in the iOS platform. However, Apple refused to compensate for this discovery, leading to a dispute among companies.
What was discovered by Kaspersky?
Kaspersky, famous for its antivirus software, has recently discovered a “zero-click” vulnerability on iOS, which is a severe type of flaw that can be exploited without any user interaction.
A single email with a self-executing malware attachment was all it took for any iPhone, regardless of its age, to be compromised as discovered by Kaspersky. This allowed hackers to obtain sensitive data from the devices, like location, camera, microphone, files, and contacts.
Kaspersky found a flaw in iPhones through its employees, prompting swift action from Apple to release a security update.
The controversial issue
Despite the prompt action to correct the breach, Apple refused to pay Kaspersky for the discovery. Apple has a reward program for independent researchers who find flaws in their systems, common practice also in companies like Google, Meta and Microsoft. However, Apple has offered no explanation for the refusal to pay Kaspersky.
Speculation indicates that the move might be connected to the conflict between Russia and Ukraine, with Kaspersky, a Russian firm, potentially facing sanctions. However, there has been no official confirmation from any of the parties. Apple resolved the issue by releasing a security update without engaging in discussions with Kaspersky.
What is Kaspersky’s opinion?
Kaspersky responded to Apple’s criticism by switching their employees’ company phones to Android and limiting their analysis to Google’s platform. They mentioned that any profits would go towards charity, emphasizing they don’t require funds for their operations.
