A group of hackers won $288,500 from Apple for telling the company about 55 bugs, including one that would've let an attacker steal someone's iCloud photos
Five "white hat" - or ethical - hackers hacked Apple for three months, uncovering 55 vulnerabilities.
They won $288,500 in Apple bounties in exchange for exposing the bugs.
Eleven of these vulnerabilities were rated "critical," including one where hackers were able to steal all files and photos stored in a victim's iCloud account before infecting that person's contacts.
Apple fixed the vulnerabilities almost immediately after they were announced, the hackers said.
A group of hackers targeted Apple's sprawling online infrastructure for months and found a number of vulnerabilities - including one that would have allowed hackers to steal files from people's iCloud accounts - they said in a blog post this week.
They acted as "white hat" hackers, which meant that their goal was to make Apple aware of the vulnerabilities rather than to steal information. The team was led by 20-year-old Sam Curry, who worked alongside Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes.
"I had never worked on the Apple Bug Bounty program before so I had no idea what to expect, but I decided to try my luck and see what I could find," Curry said in the blog post. "While there was no guarantee of payouts and no understanding of how the program worked, everyone said yes and we started hacking Apple."
To date, Apple has paid the group $288,500 through its bug bounty program for identifying 55 vulnerabilities, 11 of which were rated "serious". Curry said once Apple processes and rewards all bugs reported by the group, their total payment could exceed $500,000.
One of the most outrageous vulnerabilities the group found would have allowed hackers to create a worm that steals people's iCloud files before infecting their contacts' iCloud accounts. The vulnerability depends on iCloud supporting Apple Mail. The white hat hackers were able to compromise iCloud accounts after sending an email to an iCloud.com email address that contained malicious code.
Apple fixed all of the vulnerabilities shortly after they reported them, Curry said.
While searching for the bugs, Curry and his team gained insights into the enormous size of Apple's online infrastructure. Apple owns more than 25,000 web servers that fall under Apple.com, iCloud.com, and over 7,000 other unique domains. Many of the vulnerabilities were discovered by searching obscure Apple web servers, such as the Distinguished Educators website.
Cybersecurity experts who reviewed the Curry team's research said that while some of the major vulnerabilities were worrying, they reflected the inherent challenges that would be expected for a company with such a large online infrastructure.
"The breadth of issues identified in Apple's vast online presence is more evidence of how difficult it is to keep track of all security issues as businesses grow than a negative reflection of security practices within Apple," Tim Mackey, top security strategist at the Synopsys Cybersecurity Research Center, told Business Insider.
In a statement to Business Insider, Apple said it valued the work of the white hat hackers, adding that the vulnerabilities have been fixed and there is no evidence that they were exploited by malicious actors.
"At Apple, we carefully protect our networks and have dedicated teams of information security professionals who work to identify and respond to threats. As soon as the researchers alerted us to the issues described in their report, we immediately fixed the vulnerabilities and took measures to prevent future problems of this kind," said the Apple spokesman. "We value our collaboration with security researchers to keep our users safe. We've credited the team for their support and will reward them through the Apple Security Bounty Program."
Read the original article on Business Insider