For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.
ARS TECHNICA
This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED's parent company, Condé Nast.
Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.
The 11 critical bugs were:
Remote Code Execution via Authorization and Authentication Bypass
Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
Command Injection via Unsanitized Filename Argument
Remote Code Execution via Leaked Secret and Exposed Administrator Tool
Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
Vertica SQL Injection via Unsanitized Input Parameter
Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
Server-Side PhantomJS Execution allows attacker to Access Internal Resources and Retrieve AWS IAM Keys
Apple promptly fixed the vulnerabilities after Curry reported them over a three-month span, often within hours of his initial adv ..
Support the originator by clicking the read the rest link below.
