A group of five researchers has discovered 55 security flaws in Apple services, and luckily the Cupertino company was able to fix them in record time.
Large technology companies have to pay particularly close attention to the security of their infrastructure, software, and hardware, because these systems hold the data of millions of customers and employees, and a security breach can be catastrophic.
A team of security researchers analyzed various Apple online services over three months and found 55 vulnerabilities, 11 of which were rated critical. The rest were 29 high-severity, 13 medium-severity, and two low-severity vulnerabilities.
Had the flaws been exploited, an attacker could have compromised both customer and employee applications. Examples include launching a worm that automatically takes over a victim's iCloud account, recovering the source code of internal Apple projects, fully compromising industrial control warehouse software used by Apple, and taking over Apple employee sessions with the ability to access sensitive resource management tools.
For ordinary users, these Apple security flaws could have been exploited to hijack an iCloud account, steal all of its photos, calendar information, videos, and documents, and forward the same exploit to all of the victim's contacts.
The researchers who found all the flaws were Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, and they analyzed Apple services between July and September of this year.
As soon as it was informed, Apple took steps to correct the bugs within 1 to 2 days, and some were fixed in as little as 4 to 6 hours. Apple has processed about 28 of the vulnerabilities so far. In addition, it is paying the discoverers $288,500 as part of its bug bounty program.
Some of the most critical errors directly affected the Apple Distinguished Educators site, where an authentication bypass using a default password allowed an attacker to access the administrator console and execute arbitrary code.
They also found a bug in the password reset process associated with DELMIA Apriso, a warehouse management solution.
Likewise, they found a vulnerability in the Apple Books for Authors service, which writers use to help write and publish their books on the Apple Books platform.
There are many more errors; some are reproduced in the video accompanying the news.