Apple has filed a lawsuit against OpenAI, alleging that a former employee exploited a rare, previously unknown authentication bug to access and download confidential files after leaving the tech giant for a position at OpenAI. According to the complaint, the individual, identified as Chang Liu, a former system electrical engineer, allegedly accessed Apple's internal network using the vulnerability, which Apple described as a zero-day flaw, meaning it had not been publicly disclosed or patched prior to exploitation. The incident reportedly occurred weeks after Liu left Apple for a role at OpenAI. During this period, he allegedly downloaded dozens of confidential hardware-related files, including detailed information about unreleased products, engineering presentations, technical specifications, and proprietary project data. Apple claims Liu retained access to its internal systems through the unpatched vulnerability, which allowed him to continue accessing Apple's network even after his departure. According to the complaint, Liu did not report the bug to Apple as required under his employment agreement. He also failed to return his Apple-issued work laptop, which had been used to access Apple's internal systems. Apple stated that Liu allegedly claimed to have another computer, though it is unclear whether this assertion holds true. Additionally, Liu is accused of misusing the access of an acquaintance, Yu-Ting Peng, a former Apple employee who later joined OpenAI. While Peng was still employed at Apple, Liu allegedly used her issued work laptop to gain access to Apple's internal systems. Apple alleges that Liu attempted to access its network storage, a cloud-based file repository containing confidential engineering files, project documentation, and other proprietary information, during February 2026. This access was possible due to the authentication vulnerability, which allowed Liu to bypass standard security protocols. Although Apple did not specify the exact nature of the bug, authentication vulnerabilities typically involve weaknesses in login mechanisms or misconfigurations that permit unauthorized access. Apple has since addressed the issue by fixing the bug and terminating the former employee's access to its systems. The company emphasized that the vulnerability was rare and previously unknown, indicating that only a limited number of individuals might have been affected. Server logs reviewed by Apple suggest that only Liu exploited the bug to steal confidential information after leaving the company. The case underscores broader concerns regarding the protection of sensitive corporate data following an employee's departure. Organizations often struggle to ensure complete decommissioning of former employees' access, which can lead to potential security risks, data breaches, or malicious activities by disgruntled staff. Apple's response included immediate action to rectify the situation, highlighting the importance of robust security measures and timely updates to prevent similar incidents. Apple has not yet responded to inquiries about the specific details of the authentication bug, how it was exploited, or when the company decommissioned the former employee's credentials. The ongoing legal proceedings against OpenAI are expected to provide more clarity on the extent of the alleged data theft and the implications for both companies involved.
1 Berichte
TechCrunchUnabhängigMittegestern Apple sagt, dass ein ehemaliger Mitarbeiter einen "seltenen" Fehler ausgenutzt hat, um vertrauliche Dateien herunterzuladen, nachdem er für OpenAI gegangen warApple hat OpenAI verklagt und behauptet, dass ein ehemaliger Mitarbeiter, Chang Liu, eine "seltene" Zero-Day-Schwachstelle ausgenutzt hat, um nach dem Verlassen von Apple für OpenAI auf vertrauliche Daten zuzugreifen und diese zu stehlen. Laut der Beschwerde von Apple hat Liu mit dem Fehler auf das Apple-Netzwerk zugegriffen und Dutzende sensibler Dateien im Zusammenhang mit unveröffentlichten Produkten und proprietären Projekten heruntergeladen. Die Klage behauptet, Liu habe auch seinen von Apple ausgestellten Arbeitslaptop nicht zurückgegeben und möglicherweise den Zugriff auf einen anderen Apple-Mitarbeiter, Yu-Ting Peng, missbraucht, der später zu OpenAI kam. Apple behauptet, dass der Verstoß potenzielle Risiken für die Unternehmensdatensicherheit ausgesetzt hat und die Bedeutung der ordnungsgemäßen Stilllegung des Mitarbeiterzugangs hervorhebt. Das Unternehmen hat auf spezifische Anfragen über den Vorfall nicht reagiert.
Tendenz-Einschätzung (Mitte): Der Artikel präsentiert einen tatsächlichen Rechtsstreit zwischen zwei Unternehmen ohne offensichtliche ideologische Rahmen. Während das Thema Unternehmensspionage und Cybersicherheit beinhaltet, die breitere Auswirkungen haben können, bleibt der Ton neutral und konzentriert sich auf die Vorwürfe und Beweise, anstatt Partei zu ergreifen,
★
Halte die Nachrichten ehrlich.
ObjectiveNews ist leserfinanziert und werbefrei – wir zeigen dir den Bias, statt ihn zu verstecken. Unterstütze unabhängigen Journalismus für 5 €/Monat.
Unterstützer werden