Apple pays ethical hackers $288k for finding 55 vulnerabilities

If exploited the bugs would have provided access to Apple's infrastructure and sensitive user data

Apple has paid a group of ethical hackers $288,500 (£222,813) for finding and disclosing critical vulnerabilities in its network, some of which could have provided access to company infrastructure and iCloud data.

Since 6 July of this year, Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes have worked together as part of Apple’s bug bounty programme. The team discovered a total of 55 vulnerabilities, 11 of which were of critical severity, 29 of high severity, 13 of medium severity, and two of low severity.

The 11 most critical bugs made it possible for the group to access Apple’s infrastructure and use it to potentially steal confidential information such as private emails and iCloud data.

Sam Curry said that the team “found a variety of vulnerabilities in core portions of [Apple’s] infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account” and “fully compromise an industrial control warehouse software used by Apple”, as detailed in a blog post covering the three months of research.

He added that the exploits may also have allowed hackers to “take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources”.

The 11 vulnerabilities found to be critical were as follows:

  • Remote Code Execution via Authorization and Authentication Bypass
  • Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
  • Command Injection via Unsanitized Filename Argument
  • Remote Code Execution via Leaked Secret and Exposed Administrator Tool
  • Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
  • Vertica SQL Injection via Unsanitized Input Parameter
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
  • Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
  • Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
  • Server-Side PhantomJS Execution allows attacker to Access Internal Resources and Retrieve AWS IAM Keys

According to Curry, the “vast majority” of the 55 vulnerabilities have already been fixed.

“They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours),” he added.

Apple has so far paid the team a total of $288,500 for discovering the vulnerabilities, and they could be awarded a further quarter of a million dollars once the tech giant has processed the entirety of their report.
