Apple: fifty security flaws discovered in its infrastructure
As usual, digital giants tend to be challenged when vulnerabilities are discovered on their infrastructure.
This was the case for Apple when five cybersecurity researchers warned it had discovered more than 50 vulnerabilities. If basically it was just a game, it ended up becoming something more serious.
This article will also interest you: Security flaw on Safari: Google lays bare the vulnerability of Apple's browser
From July to October, in just three months, researchers named Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes, Sam Curry discovered 55 security flaws:
– 11 critical vulnerabilities
– 29 serious flaws
– 11 medium-level vulnerabilities
– 2 weak vulnerabilities
With all these discoveries, they managed to legally release nearly US$51,500 to Apple, as follows:
- $5,000 to disclose the complete name flaw for iCloud users
- $6,000 for IDOR security vulnerabilities
- $6,500 for a loophole to access the company's internal environment
- $34,000 for the discovery of system memory leaks containing personal customer data
It was, of course, as part of a bug-finding program that the Cupertino giant had opened since the end of 2019. For its part, the American company has been very reactive in immediately producing security patches to plug these vulnerabilities as soon as possible. In just a few days it should be noted and a few hours for some faults.
To achieve what can be called a feat, the research team focused on Apple's entire infrastructure. A fairly massive infrastructure that has the entire IP 17.0.0.0/8, covering a total of more than 25,000 web servers, including 10,000 for apple.com. The Cupertino-based firm also owns 7,000 domain names and its top-level domain, Apple. After an in-depth analysis of the security vulnerabilities discovered, the researchers mentioned that these vulnerabilities could have allowed hackers to infiltrate some of Apple's own computer programs, namely user applications and even those of Apple employees.
It would also have been possible to launch malware being able to steal confidential information from iCloud accounts. And even worse than that, hackers could have used the security flaw to steal the source code of some projects developed internally by Apple or even take control of software used by the American giant in order to manage certain activities in-house such as employee management, warehouse management or other important exchange. In short, all of the Cupertino's management tools were vulnerable.
Not all security vulnerabilities can be accurately described. However, the research team has received permission from American giant to detail some. It should be remembered only that this is a big trick, which will allow to increase even more the security determining Apple.
It is a view that bug premium programs are important enough for the safe development of any business. If for a long time Apple boasts of having the safest infrastructure possible, in recent years have demonstrated, that in no way can these infrastructures be invulnerable. Hackers have demonstrated this on several occasions.
Now access an unlimited number of passwords: