According to Galov, Kaspersky Lab discovered a global cybercrime campaign on iOS in 2023 that experts called “the most sophisticated.” Hackers can silently install a spyware module on any iPhone via a simple iMessage. The user didn’t even need to follow links or click on anything.
However, an exploit was launched when opening a seemingly completely normal message. Moreover, we were talking about zero-day attacks (zero day) and hacking without user interaction (zero clicks).
Kaspersky Lab experts sent Apple a report that usually required a reward: in this case it was about $1 million. However, Apple did not do this, citing internal policies and without explaining the reasons.
Galov noted that the company he represents does not need a fee. However, it is customary to send this money to charity. However, Apple refused to pay for this either.
“We found zero-day, zero-click vulnerabilities, passed all the information to Apple, and did a useful job. Essentially, we report a vulnerability to them for which they must pay a bug bounty (reward for discovered vulnerability – RTVI). We do not need this fee, but there is a practice of donating such payments from large companies to charities. Without explanation, Apple refused to pay us, even to a charity, citing internal policies. It is unclear why they made such a decision, given how much information we provided them and how proactively we did it,” Galov said.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
