55 Apple vulnerabilities risked iCloud account takeover, data theft


These critical vulnerabilities were reported to Apple by a team of young cyber security researchers.


Bug bounty programs are effective because they give independent ethical hackers an incentive to help companies find vulnerabilities.


A recent case is testimony to this: a team of cyber security researchers found a total of 55 vulnerabilities in Apple’s networks over the course of 3 months. The names and Twitter handles of the researchers who participated in Apple’s bug bounty program are:


Meanwhile, the 55 vulnerabilities were classified as the following:


11 as critical due to the extreme threat they posed of user data theft and access to Apple’s main network
29 as high severity
13 as medium severity
2 as low severity
 

Between them, these include remote code execution, memory leaks, SQL injection and cross-site scripting (XSS) attacks, the details of which are available on the researchers’ official blog post.


The vulnerabilities had many potential consequences. First, the iCloud accounts of users could be accessed using a worm, leading to a serious privacy breach and potential phishing attacks.


Secondly, not only could Apple’s proprietary source code for its projects be exposed, but the user sessions of Apple employees could also be taken over, giving the attacker control of “management tools and sensitive resources”.


Thirdly, Apple uses industrial control warehouse software which would also have been compromised. The following list comp ..
