Apple won't pay up for bug bounty — firm refuses to pay Kaspersky after vulnerability discovered


Kaspersky, the Russian security giant, recently found a large security hole in iOS — and promptly told Apple so that it could receive the bounty that large companies often pay to those who find vulnerabilities.

Apple, on the other hand, apparently has other ideas. Upon being told of the vulnerability, Apple has refused to pay the usually requisite bounty, leaving Kaspersky without the fee it usually passes on to charities.



No bounty?

According to Russian outlet RTVI, Kaspersky found “zero-day, zero-click vulnerabilities, transferred all the information to Apple, and did a useful job. Essentially, we reported a vulnerability to them, for which they must pay a bug bounty.” That bounty would normally be paid, according to Kaspersky, to charity.

The issue seems related to a previous Kaspersky find, which saw the security team publish a report on the “discovery of the ‘most sophisticated cyberattack’ on iOS, the purpose of which was to silently introduce spyware into the iPhone.” This was a security attack that could infect any iPhone. Users needn’t even click the contents of the infected message they would be sent — merely getting the message into an inbox would infect a device, with an attachment opening itself and spreading the malicious code around the device.

According to Kaspersky, the attack is all about data gathering. “Collection of any information from devices: geolocation, cameras, microphones, files, contacts. In general, all the data that can be represented on the device. This was definitely not a financially motivated cyber attack.” It’s that last bit that’s so interesting — the attack isn’t interested in how you pay for things, only your information.

Currently, Kaspersky says that it found the security issue on staff iPhones, “both top management and middle managers.” While it seems like a targeted attack on one company, it’s still worth saying that being cautious remains key to your iPhone security.

Why isn’t Apple paying up?

As for the lack of bounty payment, the reason is anyone's guess. 9to5Mac points out that as a Russian company, Kaspersky could well be affected by sanctions on the country with the continuing war on Ukraine — although this is speculation on the part of the author.

Thanks to that lack of bounty payment, Kaspersky says that it is now moving its focus away from iOS and towards the rival Android platform instead. “All employees of the company are now being issued corporate mobile devices on Android as planned, step by step. We left iOS not because it is less secure, but because we, as a security vendor, want to have more control over the security of devices,” the firm explains — and really, can you blame it?



Tammy Rogers
Senior Staff Writer
