It’s not often that we hear about Apple’s services and products being rife with vulnerabilities.
But over the last few months a team of five security researchers analyzed several Apple online services and found as many as 55 vulnerabilities, 11 of which are critical in severity.
We are talking about 29 high-severity ones, 13 medium-severity flaws and 2 low-severity vulnerabilities that, according to the researchers, could have allowed an attacker to “fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”
In short, these flaws meant a bad actor could easily hijack a user’s iCloud account and steal everything stored there.
Take a look at the PoC.
Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, the researchers who discovered the flaws, disclosed their findings to Apple, which promptly patched everything within one or two days of each flaw being reported (as stated in July).
So far, Apple has processed about 28 of the vulnerabilities with a total payout of $288,500 as part of its bug bounty program.
The critical bugs found by the team are:
- Remote Code Execution via Authorization and Authentication Bypass
- Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
- Command Injection via Unsanitized Filename Argument
- Remote Code Execution via Leaked Secret and Exposed Administrator Tool
- Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
- Vertica SQL Injection via Unsanitized Input Parameter
- Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
- Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
- Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
- Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
- Server Side PhantomJS Execution allows an attacker to Access Internal Resources and Retrieve AWS IAM Keys
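Of the classes listed above, “Command Injection via Unsanitized Filename Argument” is the one most often reintroduced in ordinary application code. The following is an added illustration of that class, written for this summary; it is not code from the researchers’ report and does not reproduce the Apple service in question. It assumes a hypothetical image-conversion service that hands an uploaded file’s name to an external `convert` tool, with `/srv/uploads` as a constructed base directory and the sample filenames constructed inline. The unsafe builder shows how a user-supplied name is interpolated into a shell command line, and the hardened builder shows the two controls that close the hole: an allow-list on the name plus a path containment check, and passing arguments as a list so no shell ever parses them.

```python
import re
import subprocess
from pathlib import Path
from typing import List

# Allow-list for uploaded names: alphanumerics, dot, underscore, dash;
# no slashes, no spaces, no shell metacharacters, no leading dot.
SAFE_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")

# Constructed base directory for the hypothetical service (assumption).
UPLOAD_DIR = Path("/srv/uploads")


def build_command_unsafe(filename: str) -> str:
    """'Before': the filename is interpolated straight into a shell string.

    Returned only for inspection; a real service would pass this to a shell,
    at which point any ';', '|', '$(...)' or backtick in the name becomes
    part of the command line rather than part of the path.
    """
    return f"convert {filename} /tmp/out.png"


def is_safe_filename(filename: str) -> bool:
    """True only if the name matches the allow-list exactly."""
    return SAFE_NAME_RE.fullmatch(filename) is not None


def resolve_upload(filename: str, base_dir: Path = UPLOAD_DIR) -> Path:
    """Hardened lookup: allow-list the name, then confirm the resolved path
    still sits directly under base_dir (defence in depth against traversal)."""
    if not is_safe_filename(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    candidate = (base_dir / filename).resolve()
    if candidate.parent != base_dir.resolve():
        raise ValueError("path escapes upload directory")
    return candidate


def build_command_safe(filename: str, base_dir: Path = UPLOAD_DIR) -> List[str]:
    """'After': validated path, and an argv list instead of a shell string."""
    path = resolve_upload(filename, base_dir)
    return ["convert", str(path), "/tmp/out.png"]


def run_conversion(filename: str) -> int:
    """Execute with shell=False so the argv list reaches execve unparsed.
    Returns the tool's exit status."""
    argv = build_command_safe(filename)
    completed = subprocess.run(argv, shell=False, check=False)
    return completed.returncode


if __name__ == "__main__":
    # Constructed sample inputs: one benign, one carrying a shell separator.
    for name in ["photo.png", "photo.png; id"]:
        print("unsafe command line:", build_command_unsafe(name))
        try:
            print("safe argv:", build_command_safe(name))
        except ValueError as exc:
            print("rejected:", exc)
```

The allow-list is the primary control; the containment check and `shell=False` are there so that a later change (for example, someone relaxing the regex to permit spaces) does not silently reopen the injection. Rejecting at validation time also gives a clean event to log and alert on, which is where detection of this class usually starts.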