
Google asserts that an Apple employee discovered a security flaw but failed to report it

An Apple employee who discovered a zero-day vulnerability but did not disclose it, which would have let the company begin working on a fix, is unlikely to win Google’s approval. Although the vulnerability the employee found doesn’t pose a serious security risk, Google is unhappy with how it learned about the problem.

According to the official statement in the bug report, Google was unaware of a zero-day security vulnerability that had no known fix and put the safety of millions of users at risk.

What matters now is how Google learned about the issue and who reported it. According to the company, the problem was first identified by an Apple employee who took part in a Capture The Flag hacking event in March of this year, but was allegedly reported by an unknown individual.

According to the Google employee, “This issue was reported by sisu from CTF team HXP and discovered by a member of Apple Security Engineering and Architecture (SEAR) during HXP CTF 2022.” These kinds of incidents happen often, but what makes this one so remarkable is that the Apple employee chose not to disclose the problem.

According to reports, the individual was preoccupied with other tasks and opted to wait before reporting the problem to Google, by which time the company had already received the bug report from another person. According to the bug report, the problem was resolved on March 29 and Google gave $10,000 (about Rs 8 lakh) to the individual who reported the fault, not the Apple employee who first discovered it.

The prevalence of zero-day vulnerabilities is concerning for companies like Apple, Google, and Microsoft, among others. For a fix to be released to the public before these vulnerabilities have a significant effect on the market, these companies need ongoing help from hacking groups.

 
