Hacking Team Found 11 Critical Flaws on Apple’s Corporate Network

• A team of hackers has discovered 55 vulnerabilities in Apple’s corporate network, 11 of which are critical.
• The team is to receive about half a million USD as bounty payments, and they already got most of it.
• Apple assured that everything has already been fixed and that the team of hunters was the first to discover the flaws.

Hackers like to maintain that vulnerabilities are always there, and finding them is only a matter of looking deep for long enough. This is also the case for Apple’s corporate network, which was vulnerable to exploitation for months, as proven by a skillful hacking team.

Led by 20-year-old bug bounty hunter Sam Curry, a team of professional hackers consisting of five experts found flaws in Apple’s networks. These could have affected iCloud accounts, expose internal Apple projects, compromise warehouse software, take over employee sessions, and access management tools.

The hackers were present in Apple’s network for three months, discovering 55 vulnerabilities along the way, 11 of which were critical. More specifically, the nastiest of the flaws were the following:

1. Remote Code Execution via Authorization and Authentication Bypass
2. Authentication Bypass via Misconfigured Permissions allows Global Administrator Access
3. Command Injection via Unsanitized Filename Argument
4. Remote Code Execution via Leaked Secret and Exposed Administrator Tool
5. Memory Leak leads to Employee and User Account Compromise allowing access to various internal applications
6. Vertica SQL Injection via Unsanitized Input Parameter
7. Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
8. Wormable Stored XSS allows Attacker to Fully Compromise Victim iCloud Account
9. Full Response SSRF allows Attacker to Read Internal Source Code and Access Protected Resources
10. Blind XSS allows Attacker to Access Internal Support Portal for Customer and Employee Issue Tracking
11. Server-Side PhantomJS Execution allows an attacker to Access Internal Resources and Retrieve AWS IAM Keys

Read More: Apple T2 Is Vulnerable to Hacking and There Can Be No Fix for It

As the hackers point out, Apple maintains a massive infrastructure, consisting of 25,000 web servers and 7,000 unique domains. Thus, their discoveries don’t cover the entire spectrum of what could still be lying there, so a follow-up penetration testing should be considered a certainty.

For the flaws that were discovered this time, the researchers already received $288,000, while the total amount will definitely surpass the payout of half a million USD. Apple was quick to fix all of the reported vulnerabilities, sometimes in a couple of hours following Curry’s reporting.

The worrying part in this report is that at least two critical flaws were found almost immediately, using automated scanning. These flaws could have enabled malicious actors to access internal VPN servers and obtain crucial information about how Apple’s authorization and authentication system works, both for employees and for customers. Whether or not there were signs of this having happened hasn’t been touched by the researcher’s write-up, so we’ll take that as a “maybe.”

Apple has denied that possibility, claiming to see no evidence of that on the logs. The official statement from the company is the following: