The most serious vulnerability the group found would have allowed hackers to build software that stole users' iCloud files (Getty Images)
A group of hackers has earned $288,500 from Apple for reporting 55 bugs to the company, including one that would have allowed an attacker to steal users' iCloud photos.
According to a Business Insider report, a group of hackers spent months targeting Apple’s sprawling online infrastructure and found a plethora of vulnerabilities, including one that would have allowed hackers to steal files from people’s iCloud accounts.
These hackers are “white hat” hackers who do not hack for criminal purposes. Their aim was to alert Apple to the vulnerabilities, not to steal information.
The team was led by Sam Curry, 20, who worked alongside Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes.
“I have never worked on Apple’s bug bounty program, so I really had no idea what to expect, but I said why not try my luck and see what I could find,” Curry said in a post.
“Although there were no guarantees regarding payments or an understanding of how the program works, everyone said yes, and we started hacking Apple,” he added.
Apple has paid the group $288,500 so far through its “bug bounty” program, a vulnerability-hunting program launched by the company. The hackers uncovered 55 vulnerabilities, 11 of which were rated “critical.”
Curry said that once Apple has addressed and rewarded all of the group’s bugs, the total payout could exceed $500,000.
One of the most egregious vulnerabilities the group found would have allowed hackers to build software that stole users’ iCloud files and then infected their contacts’ iCloud accounts.
The vulnerability stemmed from the fact that Apple Mail is backed by iCloud. The white hat hackers were able to break into iCloud accounts after sending an email containing malicious content to an iCloud.com email address.
Carey said Apple corrected all of the vulnerabilities shortly after reporting them.
Apple owns more than 25,000 web servers under the Apple.com and iCloud.com domains (Reuters)
Throughout the bug-hunting process, Curry and his team gained insight into the sheer scale of Apple’s online infrastructure. They found that Apple has more than 25,000 web servers under the Apple.com and iCloud.com domains, and more than 7,000 other domains.
Many of the vulnerabilities were discovered by probing obscure Apple-owned web servers, such as the Super Teacher site.
Cybersecurity experts who reviewed the research by Curry’s team said that although some of the severe vulnerabilities were worrisome, they reflect the inherent challenges to be expected for a company that maintains such a massive Internet-facing infrastructure.
In a statement to Business Insider, Apple said it appreciates the white hat hackers’ work, adding that the security flaws have been fixed and that there is no evidence they were exploited by malicious actors.
“At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals who work to discover and respond to threats. As soon as the researchers alerted us to the issues they detailed in their report, we promptly fixed the vulnerabilities and took steps to prevent issues of this kind in the future,” an Apple spokesman said.
“We value our collaboration with security researchers to help keep our users safe, and we have credited the team for their assistance and will reward them through the bounty program,” he added.