A team of hackers has discovered 55 vulnerabilities in Apple’s corporate network, 11 of which are critical.
The team is to receive about half a million USD as bounty payments, and they already got most of it.
Apple gave assurances that everything has already been fixed and that the team of hunters was the first to discover the flaws.
Hackers like to maintain that vulnerabilities are always there, and finding them is only a matter of looking deep for long enough. This is also the case for Apple’s corporate network, which was vulnerable to exploitation for months, as proven by a skillful hacking team.
Led by 20-year-old bug bounty hunter Sam Curry, a team of professional hackers consisting of five experts found flaws in Apple’s networks. These could have affected iCloud accounts, exposed internal Apple projects, compromised warehouse software, taken over employee sessions, and given access to management tools.
The hackers were present in Apple’s network for three months, discovering 55 vulnerabilities along the way, 11 of which were critical. More specifically, the nastiest of the flaws were the following:
Remote Code Execution via Authorization and Authentication Bypass
Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
Command Injection via Unsanitized Filename Argument
Remote Code Execution via Leaked Secret and Exposed Administrator Tool
Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
Vertica SQL Injection via Unsanitized Input Parameter
As the hackers point out, Apple maintains a massive infrastructure, consisting of 25,000 web servers and 7,000 unique domains. Thus, their discoveries don’t cover the entire spectrum of what could still be lying there, so follow-up penetration testing should be considered a certainty.
For the flaws that were discovered this time, the researchers have already received $288,000, while the total payout will definitely surpass half a million USD. Apple was quick to fix all of the reported vulnerabilities, sometimes within a couple of hours of Curry’s report.
The worrying part of this report is that at least two critical flaws were found almost immediately, using automated scanning. These flaws could have enabled malicious actors to access internal VPN servers and obtain crucial information about how Apple’s authorization and authentication system works, both for employees and for customers. Whether or not there were signs of this having happened isn’t addressed in the researchers’ write-up, so we’ll take that as a “maybe.”
Apple has denied that possibility, claiming to see no evidence of it in the logs. The official statement from the company is the following:
At Apple, we vigilantly protect our networks and have dedicated teams of information security professionals that work to detect and respond to threats. As soon as the researchers alerted us to the issues they detail in their report, we immediately fixed the vulnerabilities and took steps to prevent future issues of this kind. Based on our logs, the researchers were the first to discover the vulnerabilities so we feel confident no user data was misused. We value our collaboration with security researchers to help keep our users safe and have credited the team for their assistance and will reward them from the Apple Security Bounty program.