Security Researchers Awarded over $250,000 for Reporting 55 Vulnerabilities in Apple's Bug Bounty Program

Alina BÎZGĂ

October 12, 2020

A comprehensive three-month analysis of Apple's online services has netted a team of security researchers a $288,500 reward after they reported critical vulnerabilities as part of Apple's bug bounty program.

In total, the researchers disclosed 55 vulnerabilities, including 11 flagged critical, 29 high and 13 medium in severity.

If exploited, these vulnerabilities “would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account,” the researchers said.

Some flaws could even give bad actors the means to take over employees’ sessions, allowing access to management tools or sensitive resources.

As their report suggests, the iPhone manufacturer was highly responsive, fixing some critical bugs in just a couple of hours.

“Overall, Apple was very responsive to our reports. The turnaround for our more critical reports was only four hours between time of submission and time of remediation,” the researchers added.

The critical bugs flagged by security researchers include:

• Remote Code Execution via Authorization and Authentication Bypass
• Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
• Command Injection via Unsanitized Filename Argument
• Remote Code Execution via Leaked Secret and Exposed Administrator Tool
• Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
• Vertica SQL Injection via Unsanitized Input Parameter
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
• Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
• Server Side PhantomJS Execution allows an attacker to Access Internal Resources and Retrieve AWS IAM Keys

One of the critical bugs was found in the Apple Distinguished Educators website ("ade.apple.com"). The flaw could have let attackers access the administrator console and execute arbitrary code by bypassing authentication using a hidden default password.

A separate critical flaw could allow bad actors to steal iCloud data such as photos, calendar information and documents through a modified email address.

“There is a mail app on both iOS and Mac which is installed by default on the products,” the report reads.

“The mail service is hosted on “www.icloud.com” alongside all of the other services like file and document storage. This meant, from an attacker’s perspective, that any cross-site scripting vulnerability would allow an attacker to retrieve whatever information they wanted to from the iCloud service. We began to look for any cross-site scripting issues at this point.”
