A group of hackers won $288,500 from Apple for reporting 55 bugs to the company, including one that would have allowed an attacker to steal users' iCloud photos.
A group of hackers spent months targeting Apple’s sprawling online infrastructure and found a plethora of vulnerabilities, including one that would have allowed hackers to steal files from people’s iCloud accounts, according to a Business Insider report.
These hackers act as “white hat” hackers, who do not hack for criminal purposes. Their goal was to alert Apple to vulnerabilities, not to steal information.
The team was led by Sam Curry, 20, who worked alongside Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes.
“I have never worked on Apple’s bug bounty program, so I really had no idea what to expect, but I said why not try my luck and see what I could find,” Curry said in a post.
“Although there were no guarantees regarding payments or understanding how the program works, everyone said yes, and we started hacking Apple,” he added.
Apple has paid the group $288,500 so far through its bug bounty program, which rewards researchers for reporting vulnerabilities. The hackers uncovered 55 vulnerabilities, 11 of which were described as “dangerous.”
Curry said that once Apple addresses and rewards all the errors reported by the group, its total payments could exceed $500,000.
One of the most egregious vulnerabilities the group found would have allowed hackers to build software that stole users' iCloud files before infecting their contacts' iCloud accounts.
The vulnerability is based on the fact that Apple Mail is supported by iCloud. The white hat hackers were able to break into iCloud accounts after sending an e-mail containing malicious software to an e-mail address at iCloud.com.
Curry said Apple corrected all of the vulnerabilities shortly after they were reported.
Throughout the bug research process, Curry and his team gained insight into the sheer scale of Apple’s online infrastructure. They found that Apple has more than 25,000 web servers that fall under the Apple.com and iCloud.com domains, and more than 7,000 other domains.
Many of the security vulnerabilities were discovered by searching obscure web servers owned by Apple, such as the Super Teacher site.
Cybersecurity experts who reviewed the research by Curry’s team said that although some of the severe vulnerabilities were worrisome, they reflect inherent challenges that must be anticipated for a company that maintains such a massive infrastructure on the Internet.
In a statement to Business Insider, Apple said it appreciates the work of the white hat hackers, adding that the security flaws have been corrected, and there is no evidence of their exploitation by malicious actors.
“At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals who work to discover and respond to threats,” an Apple spokesman said. “Once we alerted the researchers to the problems they detailed in their report, we immediately fixed the weaknesses, and took steps to prevent issues of this kind in the future.”
“We appreciate our cooperation with security researchers to help keep our users safe, and we have given credit to the team for helping them and we will reward them with the rewards program,” he added.
The original news was published at saudi24news. The editorial team at AlKhaleej Today has confirmed it; it has been modified, and it may have been transferred in full or quoted from that source.