A federal judge in the US has dismissed a copyright-infringement lawsuit filed by Apple against cybersecurity startup Corellium, in a case that could have big implications for researchers who attempt to find bugs and vulnerabilities in software.
Judge Rodney Smith on Tuesday ruled that Apple failed to show any legal basis for protecting its entire iOS operating system from security researchers.
Apple sued the Florida-based business in 2019, claiming its “virtualization” of iOS software constituted copyright infringement. However, the judge ruled that Corellium’s work, which is designed to find security flaws in the software, involves “fair use” of copyrighted materials.
“From the infancy of copyright protection, courts have recognized that some opportunity for fair use of copyrighted materials is necessary to fulfill copyright’s purpose of promoting ‘the progress of science and useful arts,’” Smith wrote.
“There is evidence in the record to support Corellium’s position that its product is intended for security research and, as Apple concedes, can be used for security research. Further, Apple itself would have used the product for internal testing had it successfully acquired the company.”
The ruling, if upheld, represents a victory for security researchers, who can face civil or criminal penalties for reproducing copyrighted software as part of their efforts to identify vulnerabilities.
It also limits Apple’s efforts to exercise full control of its iPhone software, and its ability to force third parties to use its proprietary security-research tools.
Apple did not immediately respond to a request for comment on the case.