Rıza Sabuncu, who works as a Backend Developer at Masomo, and his friend Ertuğrul each discovered a vulnerability in a different Apple system through their own efforts. Rıza and Ertuğrul, who reported the flaws they found to the technology giant, were rewarded with $2,500 and $5,000, respectively.
Technology companies run reward programs to quickly fix vulnerabilities in their services, which consist of millions of lines of code. These are known as "bug bounty" programs, or "bug hunting" in Turkish. Software developers who are interested in cyber security or system vulnerabilities report the vulnerabilities they find to these giant companies. Software developers in Turkey have recently been taking part in bug bounty programs as well.
Rıza Sabuncu, who found a vulnerability at Apple not long ago, just last May, and was rewarded with $7,500 at the end of the process, found another Apple vulnerability about 1 month ago. When we reached him, he stated that the vulnerability in question was "on a cloud service where Apple's address formatting configurations (settings files) are required for development and where usernames and passwords are stored".
Then, for 15 days, he tested thousands of Apple's subdomains, sending billions of HTTP requests in total. Rıza, who reported the situation to Apple in detail, stated that the vulnerability was resolved within approximately 3 hours. Normally, it takes months for Apple to review a report, reach out to the discoverer, work together if necessary and announce the award, but the whole process took 1 month for this vulnerability that Rıza discovered. This shows how critical the vulnerability he found is for Apple.
Another bounty hunter, Rıza's 18-year-old friend Ertuğrul, found a vulnerability on a domain name of Apple's iTunes service. Stating that he discovered the vulnerability in about 1 hour on June 3 and that even Apple IDs could be affected as a result, Ertuğrul reported the details to Apple with video evidence within 1.5 hours. Apple partially fixed the vulnerability within the first 24 hours to prevent users from being affected, then the problem was completely eliminated on August 13 with regular updates.
Both software developers accepted the awards given:
Rıza Sabuncu, who won a $7,500 award from Apple in May after a 3-month process, was awarded 2,500 USD for the latest vulnerability he discovered. Ertuğrul was awarded 5,000 USD. Both software developers accepted the award.
Congratulatory messages flooded in on social media for Rıza, who, so to speak, made Apple pay tribute throughout 2020, and for Ertuğrul, who got a result in one of his first tests, on the first day he decided to look for a vulnerability at Apple. Apple's bug bounty program is a topic that attracts the attention of software developers around the world. If you are a developer and are interested in this subject, you can find the details of the program on Apple's official page. In addition, you can view the video below for more detailed information about Rıza's previous vulnerability.