- Joined
- Dec 3, 2020
- Messages
- 1,353
The total amount of remuneration for discovered vulnerabilities was $ 288,000.
A group of "white hackers" has been hacking into Apple services for three months in order to identify weaknesses in their security system. Researchers have identified 55 vulnerabilities, some of which can be classified as critical.
“When we started this study, we had no idea that it would take a little over three months to complete. Initially, we conceived it as a side project, on which we will periodically work, but thanks to the free time due to the pandemic, each of us spent several hundred hours on it, ”writes Curry.
According to the hacker, his team was able to find security problems in the key infrastructure of some Apple applications.
Apple responded quickly and went straight to fixing the issues. Some vulnerabilities were closed just four hours after they became known. The total amount of funds received by them was $ 51,500. This includes $ 5,000 for the discovery of a vulnerability that allows you to find out the full name of the iCloud user, $ 6,000 for the IDOR (Insecure Direct Object Reference) vulnerability, $ 6,500 for a way to gain access to internal corporate environments and $ 34,000 for detecting user data leaks in system memory.
A few hours after the publication on the portal, Apple increased the payment amount - to $ 288,500 for five. Sam Curry confirmed that Apple has paid off 32 of the 55 bugs found.
The most dangerous vulnerability discovered allows an attacker to automatically steal photos, videos and documents from the victim's iCloud account, as well as a list of his contacts.
With the permission of Apple Security, the researchers have published a detailed report detailing the vulnerabilities found, how they were detected, and how they could be exploited.
Last year, computer security experts from Google said thousands of iPhones were compromised using a vulnerability that has been observed in almost every version from iOS 10 to the latest version of iOS 12. The Project Zero team, which is the arm of Google that tries to find and report security vulnerabilities in popular systems, confirmed that they have found evidence of attempts at mass iPhone hacking, from which with a high degree of probability thousands of people could be affected over the past couple of years.
A group of "white hackers" has been hacking into Apple services for three months in order to identify weaknesses in their security system. Researchers have identified 55 vulnerabilities, some of which can be classified as critical.
“When we started this study, we had no idea that it would take a little over three months to complete. Initially, we conceived it as a side project, on which we will periodically work, but thanks to the free time due to the pandemic, each of us spent several hundred hours on it, ”writes Curry.
According to the hacker, his team was able to find security problems in the key infrastructure of some Apple applications.
Apple responded quickly and went straight to fixing the issues. Some vulnerabilities were closed just four hours after they became known. The total amount of funds received by them was $ 51,500. This includes $ 5,000 for the discovery of a vulnerability that allows you to find out the full name of the iCloud user, $ 6,000 for the IDOR (Insecure Direct Object Reference) vulnerability, $ 6,500 for a way to gain access to internal corporate environments and $ 34,000 for detecting user data leaks in system memory.
A few hours after the publication on the portal, Apple increased the payment amount - to $ 288,500 for five. Sam Curry confirmed that Apple has paid off 32 of the 55 bugs found.
The most dangerous vulnerability discovered allows an attacker to automatically steal photos, videos and documents from the victim's iCloud account, as well as a list of his contacts.
With the permission of Apple Security, the researchers have published a detailed report detailing the vulnerabilities found, how they were detected, and how they could be exploited.
Last year, computer security experts from Google said thousands of iPhones were compromised using a vulnerability that has been observed in almost every version from iOS 10 to the latest version of iOS 12. The Project Zero team, which is the arm of Google that tries to find and report security vulnerabilities in popular systems, confirmed that they have found evidence of attempts at mass iPhone hacking, from which with a high degree of probability thousands of people could be affected over the past couple of years.
