2 min read

Security Researchers Awarded over $250,000 for Reporting 55 Vulnerabilities in Apple's Bug Bounty Program

Alina BÎZGĂ

October 12, 2020


A three-month assessment of Apple's online services has earned a team of security researchers $288,500 in rewards for the critical vulnerabilities they reported through Apple's bug bounty program.

In total, the researchers disclosed 55 vulnerabilities: 11 rated critical, 29 high, 13 medium and two low in severity.

If exploited, these vulnerabilities “would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account,” the researchers said.

Some flaws could even give bad actors the means to take over employees’ sessions, allowing access to management tools or sensitive resources.

According to their report, the iPhone maker was highly responsive, remediating some critical bugs within hours of submission.

“Overall, Apple was very responsive to our reports. The turnaround for our more critical reports was only four hours between time of submission and time of remediation,” the researchers added.

The critical bugs flagged by security researchers include:

• Remote Code Execution via Authorization and Authentication Bypass
• Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
• Command Injection via Unsanitized Filename Argument
• Remote Code Execution via Leaked Secret and Exposed Administrator Tool
• Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
• Vertica SQL Injection via Unsanitized Input Parameter
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
• Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
• Server Side PhantomJS Execution allows an attacker to Access Internal Resources and Retrieve AWS IAM Keys

One of the critical bugs was found in the Apple Distinguished Educators website ("ade.apple.com"). The flaw could have let attackers reach the administrator console and execute arbitrary code by bypassing authentication with a hidden default password.

A separate critical flaw, a stored cross-site scripting bug in iCloud Mail, could allow bad actors to steal iCloud data such as photos, calendar information and documents by sending the victim a specially crafted email.

“There is a mail app on both iOS and Mac which is installed by default on the products,” the report reads.

“The mail service is hosted on “www.icloud.com” alongside all of the other services like file and document storage. This meant, from an attacker’s perspective, that any cross-site scripting vulnerability would allow an attacker to retrieve whatever information they wanted to from the iCloud service. We began to look for any cross-site scripting issues at this point.”
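The point the researchers make is that a webmail client renders attacker-controlled HTML inside the same origin as every other service on that host, so one stored XSS in a message body can read whatever that origin holds. On the rendering side, the standard defence is an allowlist sanitizer applied to every message before it reaches the DOM. The following is an added illustration written for this article, not code from Apple or from the researchers' report; the tag and attribute allowlist, the helper names and the sample message are all constructed for the example.

```python
"""Allowlist HTML sanitizer for untrusted webmail content (added example)."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist: tags that may survive in a rendered message body.
# Any other tag is dropped; script-like tags lose their content as well.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a",
                "ul", "ol", "li", "div", "span"}
ALLOWED_ATTRS = {"a": {"href", "title"}, "span": {"title"}, "div": {"title"}}
DROP_CONTENT = {"script", "style", "iframe", "object", "embed",
                "svg", "math", "template"}
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}


def safe_url(value):
    """Accept only relative URLs and the schemes in SAFE_SCHEMES."""
    if value is None:
        return False
    # Browsers ignore tab/CR/LF inside a URL, so strip them before parsing
    # to stop "java\nscript:" from sneaking past the scheme check.
    cleaned = "".join(ch for ch in value if ch not in "\t\r\n").strip()
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a tag whose content is discarded
        self.open_tags = []   # allowed tags currently open, to keep output balanced

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag (e.g. <img>): drop the tag, keep its text
        kept = []
        for name, value in attrs:
            name = name.lower()
            # on* event handlers are never allowed, whatever the tag
            if name.startswith("on") or name not in ALLOWED_ATTRS.get(tag, set()):
                continue
            if name == "href" and not safe_url(value):
                continue
            kept.append(f' {name}="{escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT:
                self.skip_depth -= 1
            return
        if tag in self.open_tags:
            # close everything up to and including the matching tag
            while self.open_tags:
                t = self.open_tags.pop()
                self.out.append(f"</{t}>")
                if t == tag:
                    break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    def close(self):
        super().close()
        while self.open_tags:  # close anything the sender left open
            self.out.append(f"</{self.open_tags.pop()}>")


def sanitize_email_html(raw):
    """Return a sanitized HTML fragment safe to insert into the mail UI."""
    s = EmailSanitizer()
    s.feed(raw)
    s.close()
    return "".join(s.out)


if __name__ == "__main__":
    # Constructed hostile message: inline script, event handler, javascript: link
    msg = ('<p>Hi <b>there</b></p><script>fetch("/steal")</script>'
           '<img src=x onerror="alert(1)"><a href="javascript:alert(1)">x</a>')
    print(sanitize_email_html(msg))
```

Sanitizing on the server is only half of the answer: the report's observation is about origin sharing, so the output above should still be rendered in a separate origin (or at least under a strict Content-Security-Policy) so that a sanitizer bypass does not hand over the session for every other service on the host.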
