Researchers Found 55 Flaws in Apple's Corporate Network

posted on October 11, 2020 by l33tdawg
Wired
Credit: Wired

For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.

Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.

The 11 critical bugs were:

• Remote Code Execution via Authorization and Authentication Bypass
• Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
• Command Injection via Unsanitized Filename Argument
• Remote Code Execution via Leaked Secret and Exposed Administrator Tool
• Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
• Vertica SQL Injection via Unsanitized Input Parameter
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
• Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
• Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
• Server-Side PhantomJS Execution allows attacker to Access Internal Resources and Retrieve AWS IAM Keys

Tags

Apple Security
