Apple pays ethical hackers $288k for finding 55 vulnerabilities

If exploited the bugs would have provided access to Apple's infrastructure and sensitive user data

Apple has paid a group of ethical hackers $288,500 (£222,813) for finding and disclosing critical vulnerabilities in its network, some of which could have provided access to company infrastructure and iCloud data.

Since 6 July of this year, Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes have worked together as a part of Apple’s bug bounty programme. The team managed to discover a total of 55 vulnerabilities, 11 of which were of critical severity, 29 of high severity, 13 of medium severity, and two of low severity.

The 11 most critical bugs made it possible for the group to access Apple’s infrastructure and use it to potentially steal confidential information such as private emails and iCloud data.

Sam Curry said that the team “found a variety of vulnerabilities in core portions of [Apple’s] infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account" and "fully compromise an industrial control warehouse software used by Apple", as detailed in a blog covering three months of research.

He added that exploits may have also allowed hackers to "take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources".

The 11 vulnerabilities found to be critical were as follows:

  • Remote Code Execution via Authorization and Authentication Bypass
  • Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
  • Command Injection via Unsanitized Filename Argument
  • Remote Code Execution via Leaked Secret and Exposed Administrator Tool
  • Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
  • Vertica SQL Injection via Unsanitized Input Parameter
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
  • Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
  • Server-Side PhantomJS Execution allows attacker to Access Internal Resources and Retrieve AWS IAM Keys

According to Curry, the “vast majority” of the 55 vulnerabilities have already been fixed.

“They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours),” he added.

Apple has so far paid the team a total of $288,500 for discovering the vulnerabilities, yet they could be awarded another quarter of a million dollars when the tech giant processes the entirety of their report.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020