Apple says former employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI
AI-summarised brief · reviewed before publication
Apple filed a lawsuit against OpenAI, alleging the theft of trade secrets by former employee Chang Liu. The complaint claims Liu exploited a rare, previously unknown zero-day authentication bug to access Apple’s confidential network after leaving for OpenAI. Despite terminating his access, Liu allegedly downloaded dozens of sensitive files containing unreleased product details and engineering specifications over several weeks. Apple asserts Liu failed to report the vulnerability or return his work laptop, violating his employment agreement. Additionally, Liu allegedly misused the credentials of an acquaintance, Yu-Ting Peng, who was still employed at Apple. The company states that server logs indicate only Liu exploited this specific security breach. Apple has since patched the vulnerability. The lawsuit highlights significant challenges in securing corporate data against departing employees who retain unauthorized access through unpatched system flaws.
💡 Why It Matters
- · The case exposes critical gaps in offboarding protocols, proving that immediate credential revocation is insufficient if underlying authentication flaws persist.
- · It serves as a stark warning that zero-day vulnerabilities can be weaponized by insiders long after their employment ends.