Sam Curry is a security researcher and white hat hacker. That means he looks for vulnerabilities in a system, and then reports those to the system's owner so they can fix it.

Apple has a "bug bounty" program where they will pay anyone who discovers and documents a vulnerability or bug. The severity of the issue dictates the amount they will pay for the discovery.

Cut to the chase: Sam and three hacker friends spent three months hacking Apple, they found some interesting stuff, and have (so far) made about $300k in bounties.

In this article he documents the most interesting of the vulnerabilities they found. But, the article is DENSE and very technical. If you aren't familiar with building/configuring web servers, CMS systems, coding at multiple levels, and how security structures are built in code, then this article is going to get confusing very fast.

There are also some really cool side notes in this article:

1. Apple owns the ENTIRE 17.0.0.0 IP Address range.

2. The most severe bugs Sam found were fixed four hours after they notified Apple.

3. The security in Apple's back-end systems is tight and non-obvious. They take security seriously.

4. (implied) Owning the entire ecosystem, top to bottom, is the only way to do security well. An open platform has too many uncontrolled access points to ever be truly secure.