In December, Apple lost a copyright lawsuit against security research company Corellium. On Tuesday, Apple filed an appeal on that verdict.
Apple lost a legal battle against software virtualization firm Corellium over alleged copyright infringement covering iOS, iTunes, and other Apple assets. Apple sued the company in 2019, as Corellium software is designed to replicate iOS to allow security researchers to locate bugs and security flaws.
A Florida judge threw out Apple’s claims that Corellium violated copyright law with its software. The judge ruled that Corellium operates under fair use terms.
Corellium touted its software product as running “real iOS — with real bugs that have real exploits.” Apple had not licensed iOS, iTunes, or its user interface technologies for use by Corellium.
Apple said Corellium’s servers were illegally hosting numerous copies of iOS. The alleged infringement also included copies of iTunes. Apple said the company didn’t appear to require its customers to limit the use of its products to research and testing, nor did the firm require customers to disclose discovered bugs and vulnerabilities to Apple.
Reuters reports that Apple is appealing the verdict in this specific copyright lawsuit, which is separate from the settlement that Apple and Corellium reached earlier this month.
An August 10 settlement between the two firms was related to the DMCA claims. The terms of the settlement were confidential, and so far, Corellium is still selling its virtual iOS platform.
Experts said they were also surprised that Apple revived a fight against a major research tool provider just after arguing that researchers would provide a check on its controversial plan to scan customer devices.
“Enough is enough,” said Corellium Chief Executive Amanda Gorton. “Apple can’t pretend to hold itself accountable to the security research community while simultaneously trying to make that research illegal.”
On Tuesday, Corellium announced that it was launching an “Open Security Initiative” aimed at rewarding independent public research into mobile devices. Corellium said its first efforts would focus on Apple’s CSAM system. The company is asking security researchers to submit projects designed to validate “any security and privacy claims” from any mobile software vendor. Qualifying submissions will receive up to $5,000.
We applaud Apple’s commitment to holding itself accountable by third-party researchers. We believe our platform is uniquely capable of supporting researchers in that effort. Our “jailbroken” virtual devices do not make use of any exploits, and instead rely on our unique hypervisor technology. This allows us to provide rooted virtual devices for dynamic security analysis almost as soon as a new version of iOS is released. In addition, our platform provides tools and capabilities not readily available with physical devices.