Back in December, Apple lost a copyright lawsuit against security research company Corellium, and today, Apple filed an appeal in that case, reports Reuters.
The judge in the copyright case determined that Corellium was operating under fair use terms and that its use of iOS was permissible, throwing out several of Apple's claims. For those unfamiliar with Corellium, the software is designed to replicate iOS exactly to allow security researchers to find bugs and vulnerabilities.
Apple claimed that Corellium illegally copied the iOS operating system and applications that run on the iPhone and iPad, and that it had violated the Digital Millennium Copyright Act by circumventing Apple's security measures.
Corellium argued that its software helps Apple by making it easier for security researchers to find flaws. Corellium also said that Apple was using its lawsuit to "crack down on jailbreaking" and that Apple's code in the product was fair use, which the judge agreed with.
Apple is appealing the verdict in this specific copyright lawsuit, which is separate from the settlement that Apple and Corellium reached earlier this month.
Apple and Corellium on August 10 settled a federal lawsuit that would have gone to trial on August 16, and this settlement was related to the DCMA claims. The terms of the settlement were confidential, and so far, Corellium is still selling its virtual iOS platform.
According to Reuters, security researchers are surprised that Apple has opted to revive its legal battle with Corellium after the settlement terms, and after Apple's Craig Federighi said that security researchers would serve as a check on its plans to scan iPhones and iPads for CSAM to make sure the scanning is limited to CSAM. Security researchers will be able to confirm that the database of images used to match CSAM content on user devices only consists of content from agencies like the National Center for Missing & Exploited Children.
Earlier today, Corellium said that it was launching an "Open Security Initiative" aimed at rewarding independent public research into mobile devices. Corellium's first focus is Apple's CSAM system and the company has called on security researchers to submit projects designed to validate "any security and privacy claims" from any mobile software vendor. Qualifying submissions will receive up to $5,000.
We applaud Apple's commitment to holding itself accountable by third-party researchers. We believe our platform is uniquely capable of supporting researchers in that effort. Our "jailbroken" virtual devices do not make use of any exploits, and instead rely on our unique hypervisor technology. This allows us to provide rooted virtual devices for dynamic security analysis almost as soon as a new version of iOS is released. In addition, our platform provides tools and capabilities not readily available with physical devices.
It's possible that Apple's decision to revive the Corellium lawsuit is related to Corellium's announcement earlier today. In a statement, Corellium Chief Executive Amanda Gordon told Reuters that "enough is enough." "Apple can't pretend to hold itself accountable to the security research community while simultaneously trying to make that research illegal," she said.
