Researchers Find 50+ Security Bugs In Apple Services


No online service, no matter the weight of the name attached to it, is ever fully secure. This maxim turns out to be true again as security researchers find over 50 security bugs in Apple‘s online services.

Five security researchers ran an analysis for three months and discovered vulnerabilities in Apple’s services, including iCloud, Apple Distinguished Educators site, DELMIA Apriso, etc. Out of these vulnerabilities, 11 were of critical severity, 29 of high severity, 13 of medium severity, and 2 of low severity.

The group of security experts includes Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes. They worked on this project, as a side hustle, from July to September.

The Security Bugs Detected In Apple Services

On his blog, Curry discussed that the security shortcomings were so serious that a hacker could have accessed sensitive information hosted on Apple’s servers about its employees as well as customers. The flaws could have even been exploited for accessing Apple’s internal projects and for compromising the company’s warehouse software.

The iCloud’s cross-site scripting issues meant that a worm could discreetly manipulate data stored on a user’s cloud storage. The hacker could even tinker with the user’s iCloud photos and videos.

Additionally, a full response SSRF (Server-side Request Forgery) on iCloud also allowed attackers to view anything on Apple’s internal network.

Moreover, security flaws in Apple Distinguished Educators website presented an opportunity for hackers to manipulate its user accounts.

As revealed by Curry, Apple was quick to respond to the security loopholes in its services. He noted that the company started eliminating these vulnerabilities shortly after his group informed it. Also, the tech giant promptly rectified the critical bugs in as little as 4 hours.

The security experts have also received a reported amount of $288,500 as part of Apple’s bug bounty program. The reward-based program acts as an incentive for security enthusiasts and also helps Apple make its products safer.

Priye Rai

Priye Rai

Priye is a tech writer who writes about anything remotely related to tech, including gaming, smartphones, social media, etc. He prefers to be called a "video game journalist" and grimaces when he doesn't get to be "Player 1." If you want to share feedback or talk about games, reach out to @priyeakapj on Twitter.
More From Fossbytes

Latest On Fossbytes

Find your dream job