A group of hackers spent months targeting Apple’s sprawling online infrastructure and found a plethora of vulnerabilities, including one that would have allowed attackers to steal files from people’s iCloud accounts, according to Business Insider.
The group acted as “white hat” hackers, who do not hack for criminal purposes. Their goal was to alert Apple to vulnerabilities, not to steal information.
The team was led by Sam Curry, 20, who worked alongside Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes.
“I have never worked on Apple’s bug bounty program, so I really had no idea what to expect, but I said why not try my luck and see what I could find,” Curry said in a post.
“Although there were no guarantees regarding payments or an understanding of how the program works, everyone said yes, and we started hacking Apple,” he added.
Apple has paid the group $288,500 so far through its bug bounty program, a vulnerability-hunting program launched by Apple. The hackers uncovered 55 vulnerabilities, 11 of which were described as “dangerous.”
Curry said that once Apple addresses and rewards all of the bugs reported by the group, its total payments could exceed $500,000.
One of the most egregious vulnerabilities the group found would have allowed hackers to build software that stole users’ iCloud files before infecting their contacts’ iCloud accounts.
The vulnerability is based on the fact that Apple Mail is supported by iCloud. The white hat hackers were able to break into iCloud accounts after sending an email containing malware to an iCloud.com email address.
Curry said Apple fixed all of the vulnerabilities shortly after they were reported.
While searching for bugs, Curry and his team gained insight into the sheer scale of Apple’s online infrastructure. They found that Apple has more than 25,000 web servers that fall under the Apple.com and iCloud.com domains, and more than 7,000 other domains.
Many of the security vulnerabilities were discovered by searching obscure web servers owned by Apple, such as the Super Teacher site.
Cybersecurity experts who reviewed the research by Curry’s team said that although some of the severe vulnerabilities were worrisome, they reflect inherent challenges that must be anticipated for a company that maintains such a massive infrastructure on the Internet.
In a statement to Business Insider, Apple said it appreciates the work of the white hat hackers, adding that the security flaws have been corrected, and there is no evidence of their exploitation by malicious actors.
“At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals who work to detect and respond to threats. Once we alerted researchers to the problems they detailed in their report, we immediately fixed the vulnerabilities, and took steps to prevent issues of this kind in the future,” an Apple spokesman said.
“We appreciate our cooperation with security researchers to help keep our users safe, and we have given credit to the team for helping them and we will reward them with the rewards program,” he added.