Discover 55 new security flaws in Apple software and services


A group of five researchers has uncovered 55 security flaws in Apple services, and fortunately Cupertino has been able to fix them in record time.

Big technology companies are the ones that must pay the closest attention to the security of their infrastructure, software and hardware of every kind, because they protect millions of people, customers and employees alike, and a single security flaw can be catastrophic.

A team of security researchers spent three months analyzing several of Apple's online services and found 55 vulnerabilities, 11 of which were rated critical. The rest were 29 high-severity, 13 medium-severity and 2 low-severity vulnerabilities.

Had an attacker exploited them, they could have fully compromised both customer and employee applications: launching worm-like malware capable of automatically taking over a victim's iCloud account, retrieving the source code of Apple's internal projects, fully compromising an industrial control warehouse software used by Apple, and even hijacking the sessions of Apple employees to gain access to sensitive resource management tools.


As far as the ordinary user is concerned, these bugs could have been exploited to hijack their iCloud account and steal all their photos, calendar entries, videos and documents, as well as to forward the same exploit to all their contacts.

The researchers who found the bugs were Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes, who analyzed Apple's services between July and September this year.

As soon as they were informed, Apple fixed the bugs within 1 to 2 days, and some within as little as 4 to 6 hours. So far Apple has processed about 28 of the vulnerabilities, paying the discoverers a total of $288,500 through its bug bounty program.


Among the most important flaws was one that directly affected the Apple Distinguished Educators site: an authentication bypass using a default password that let an attacker reach the administrator console and execute arbitrary code.
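The default-password bypass described above is the kind of flaw that a startup audit catches before an attacker does: scan the user store for accounts still carrying a vendor or installer default, and refuse privileged-console logins for those accounts until the password is rotated. The Python below is an added example written for this page, not code from Apple, the researchers or the affected site; the user-store layout, the `KNOWN_DEFAULTS` list, PBKDF2 as the hash and all function names are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumed password hashing for the example. PBKDF2 keeps this stdlib-only;
# a production store would normally use argon2, bcrypt or scrypt.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    # Constant-time compare so the check itself does not leak timing.
    return hmac.compare_digest(hash_password(password, salt), expected)

# Hypothetical list of defaults an installer or vendor image might seed.
KNOWN_DEFAULTS = ["admin", "password", "changeme"]

def make_user(password: str) -> dict:
    """Constructed user record: per-user salt, hash, and a rotation flag."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt), "must_rotate": False}

def audit_default_credentials(users: dict) -> list:
    """Return the usernames whose stored password equals a known default."""
    flagged = []
    for name, rec in users.items():
        if any(verify_password(d, rec["salt"], rec["hash"]) for d in KNOWN_DEFAULTS):
            flagged.append(name)
    return flagged

def quarantine_defaults(users: dict) -> list:
    """Mark every flagged account so privileged logins are refused until rotation."""
    flagged = audit_default_credentials(users)
    for name in flagged:
        users[name]["must_rotate"] = True
    return flagged

def login(users: dict, username: str, password: str, wants_admin_console: bool) -> str:
    """Returns 'denied', 'rotate_required' or 'ok'.
    Unknown users and bad passwords share one answer to avoid user enumeration."""
    rec = users.get(username)
    if rec is None or not verify_password(password, rec["salt"], rec["hash"]):
        return "denied"
    if rec["must_rotate"] and wants_admin_console:
        return "rotate_required"
    return "ok"

def rotate_password(users: dict, username: str, new_password: str) -> bool:
    """Replace the hash and clear the flag; reject a new password that is itself a default."""
    if new_password in KNOWN_DEFAULTS:
        return False
    users[username] = make_user(new_password)
    return True

if __name__ == "__main__":
    # Constructed sample store: one seeded admin account, one normal user.
    store = {"admin": make_user("admin"), "alice": make_user("correct horse battery staple")}
    print("flagged at startup:", quarantine_defaults(store))
    print("admin console with default:", login(store, "admin", "admin", True))
    rotate_password(store, "admin", "a-long-unique-passphrase-set-by-the-operator")
    print("admin console after rotation:", login(store, "admin", "a-long-unique-passphrase-set-by-the-operator", True))
```

Running the audit at service start (and on a schedule) turns a silent misconfiguration into a logged finding, and gating only the privileged console keeps the account usable for the password-change step itself.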

They also found a flaw in the password reset process of an application called DELMIA Apriso, a warehouse management solution.

There was also a bug in the Apple Books for Authors service, which writers use to write and publish their books on the Apple Books platform.
