Apple filled them with money: why were these people rewarded by the American giant

From tragedy to glory. The architect who indicators essentially the most lovely stadiums in English soccer

Archibald Leitch, whose profession nearly ended the day it started, will endlessly be remembered because the designer of the stands for Manchester United, Tottenham...

Antony Blinken, the Frenchified

The longer term US Secretary of State lived his childhood and adolescence in Paris within the Seventies in a cosmopolitan atmosphere marked by the...

FT: The UK will approve subsequent week the anti-COVID-19 vaccine developed by Pfizer and BioNTech. Deliveries will start in a couple of hours

The primary immunizations with the vaccine created by Pfizer and BioNTech will happen beginning December 7, the Monetary Occasions additionally wrote, citing sources.Additionally on...

Second spherical in Brazil: keys to municipal elections that put Jair Bolsonaro in examine

Mayors are elected in 57 cities, together with the giants São Paulo and Rio de Janeiro. The middle-right takes maintain and the president...

Tabaré Vázquez suffered a deep thrombosis and his well being is delicate

The previous Uruguayan president is combating lung most cancers. He's at residence, as he most well-liked not to enter the hospital.Former Uruguayan President...

A group of hackers spent months targeting Apple’s extensive online infrastructure and found a number of vulnerabilities. Including one that would have allowed hackers to steal files from people’s iCloud accounts.

They acted as “white hat” hackers, meaning their purpose was to alert Apple to vulnerabilities, rather than stealing information. The team was led by 20-year-old Sam Curry, who worked with Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes.

“I had never worked on the Apple Bug Rewards program, so I had no idea what to expect, but I decided to try my luck and see what I could find,” Curry said in a statement. blog post. “Even though there was no guarantee of payments and no understanding of how the program worked, everyone agreed and we started hacking Apple.”

Apple paid the group has so far raised $ 288,500 through its bug fix program in exchange for revealing 55 vulnerabilities, 11 of which have been labeled “severe.” Curry said that once Apple processes and rewards all errors reported by the group, their total payment can exceed $ 500,000.

One of the most egregious vulnerabilities discovered by the group allegedly allowed hackers to build a “worm” that steals people’s iCloud files before infecting their contacts’ iCloud accounts. The vulnerability depends on the fact that Apple Mail is supported by iCloud. Hackers managed to compromise iCloud accounts after sending an email to an iCloud.com address that contained malicious code.

Apple fixed all the vulnerabilities shortly after they were reported by hackers

In the process of finding errors, Curry and his team gained insight into the massive scale of Apple’s online infrastructure. The researchers found that Apple has more than 25,000 web servers, which fall under Apple.com, iCloud.com and more than 7,000 other unique domains. Many of the vulnerabilities were discovered by searching through Apple’s obscure web servers, such as its website Distinguished Educators.

Cybersecurity experts who analyzed Curry’s research said that while some of the severe vulnerabilities were worrisome, they reflected the inherent challenges that are expected of a company that maintains such a large online infrastructure.

“The density of issues identified in Apple’s vast online presence is, in fact, more evidence of how difficult it is to keep all security issues as organizations grow, than a negative reflection of any Apple security practices.” said Tim Mackey, the chief security strategist of Synopsys Cybersecurity Research Center, for Business Insider.

In a statement to Business Insider, Apple said it appreciated the work of the hackers, adding that the vulnerabilities had been fixed and that there was no evidence that they were being exploited by malicious individuals.

“At Apple, we carefully protect our networks and have dedicated teams of information security professionals who work to detect and respond to threats. As soon as the team alerted us to the issues they detail in their report, we immediately fixed the vulnerabilities and took steps to prevent future such issues, “said the Apple spokesman. “We appreciate our collaboration with security researchers to keep our users safe, and we have credited the team for their support and will reward them with the Apple Security Bounty program.”

trending

Related Articles