Researcher Demands Cash for Bug Details

Details of password-stealing bug in Apple's macOS will remain secret unless Apple pays a bounty.

(CCM) — A security researcher is refusing to reveal details of a password-stealing bug in Apple's macOS operating system unless the company pays him, the BBC is reporting.

Many companies operate "bug bounty" programs that pay researchers for the bugs they discover, but Apple currently offers rewards only for bugs found in its iOS mobile operating system. It pays up to $200,000 for the most serious iOS bugs.

Linus Henze, a German security researcher, says that he is not withholding details of the bug he has found because he wants to benefit personally. "My motivation is to get Apple to create a bug bounty program. I think that this is the best for both Apple and researchers," he explained in the report.

Henze's move comes after a 14-year-old boy from Arizona was given a reward by Apple for revealing a bug in its FaceTime video-calling service that allowed people to eavesdrop on group FaceTime calls.

The boy's mother notified Apple several times about the bug in January 2019 without getting any response. But after Apple realized that the bug was serious and disabled group FaceTime calls until it had fixed the problem, the company awarded the boy a bug bounty, which is believed to include money to help pay for his education.
