20-Year-Old Hacker & Crew Find “Critical Vulnerabilities” At Apple, Collect $288,500

A 20-year-old and a team of fellow hackers he assembled after reading about Apple’s bounty program discovered 55 vulnerabilities at Apple. Eleven of them were designated “critical.” They worked on the project for about three months, and as of October 8 had been paid $288,500 by the company. Sam Curry, the 20-year-old who assembled the crew, says he got interested after reading about another hacker who had collected $100,00 from Apple for discovering a flaw that could compromise customer accounts. He realized Apple was paying a bounty for finding internal vulnerabilities, not just glitches in products, and he decided to try his luck, bringing in some other hackers he’d worked with previously “in order to make the project more fun.” Curry writes that as of October 6 the vast majority of the problems they found had been fixed, usually within a couple of days, and some in as little as four to six hours. Apple gave permission for Curry to post his account of the project on his website.