A group of five researchers has discovered 55 security flaws in Apple services, and fortunately the Cupertino company has been able to fix them in record time.
Large technology companies have to pay particular attention to the security of their infrastructure, software, and hardware, because millions of people, both customers and employees, are protected there, and a security breach can be catastrophic.
A team of security researchers analyzed various Apple online services over three months, finding a total of 55 vulnerabilities, 11 of which were rated critical. The rest were 29 high-severity, 13 medium-severity, and two low-severity vulnerabilities.
If they had been exploited, an attacker could have fully compromised customer and employee applications, launched a worm capable of automatically taking over a victim's iCloud account, retrieved the source code of internal Apple projects, fully compromised an industrial control warehouse software used by Apple, and even taken over Apple employee sessions with the ability to access sensitive resource management tools.
For ordinary users, these Apple security flaws could have been exploited to hijack an iCloud account and steal all of its photos, calendar information, videos, and documents, as well as to forward the same exploit to all of the victim's contacts.
The researchers who found the flaws were Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, who analyzed Apple services between July and September of this year.
As soon as it was informed, Apple took steps to correct the bugs within 1 to 2 days, and some bugs were even fixed within 4 to 6 hours. The company has processed about 28 of the vulnerabilities so far, paying the discoverers a total of $288,500 as part of its bug bounty program.
Some of the most critical errors directly affected the Apple Distinguished Educators site, which allowed an authentication bypass using a default password, letting an attacker access the administrator console and execute arbitrary code.
They also found a bug in the password reset process associated with DELMIA Apriso, a warehouse management solution.
Likewise, they found a flaw in the Apple Books for Authors service, which writers use to help write and publish their books on the Apple Books platform.
There are many more errors, and some are reproduced in the video that accompanies the news.