
A group of hackers spent months targeting Apple’s sprawling online infrastructure and found a slew of vulnerabilities — including one that would allow hackers to steal files from people’s iCloud accounts — they announced in a blog post this week.

They were operating as “white hat” hackers, meaning their goal was to alert Apple to the vulnerabilities rather than to steal information. The team was led by 20-year-old Sam Curry, along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes.

“I had never worked on the Apple bug bounty program so I didn’t really have any idea what to expect but decided why not try my luck and see what I could find,” Curry said in the blog post. “Even though there was no guarantee regarding payouts nor an understanding of how the program worked, everyone said yes, and we began hacking on Apple.”

Apple has paid the group $288,500 so far through its bug bounty program in exchange for disclosing 55 vulnerabilities, 11 of which were labeled as “severe.” Curry said that once Apple processes and rewards all of the bugs the group reported, their total payment may exceed $500,000.

One of the most egregious vulnerabilities that the group found would have allowed hackers to build a worm that steals people’s iCloud files before infecting the iCloud accounts of their contacts. The vulnerability hinges on the fact that Apple Mail is supported by iCloud: the white hat hackers were able to compromise iCloud accounts after sending an email containing malicious code to an iCloud.com email address.

In the process of seeking out the bugs, Curry and his team gained insight into the massive scale of Apple’s online infrastructure. Apple owns more than 25,000 web servers, which fall under Apple.com, iCloud.com, and over 7,000 other unique domains, the researchers found. Many of the vulnerabilities were discovered by searching through obscure web servers owned by Apple, like its Distinguished Educators site.

Cybersecurity experts who reviewed the research by Curry’s team said that, while some of the severe vulnerabilities are concerning, they reflect inherent challenges that should be expected for a company maintaining such huge online infrastructure.

“The breadth of issues identified within the vast Apple online presence … actually is more evidence of how difficult it is to keep on top of all security issues as organisations grow than a negative reflection of any security practices within Apple,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center, told Business Insider.

Source: https://www.businessinsider.com/hackers-find-55-flaws-in-apples-systems-win-288500-bounty-2020-10


A group of hackers won $288,500 from Apple for telling the company about 55 bugs, including one that would’ve let an attacker steal someone’s iCloud photos
