What you need to know
- A group of hackers spent three months hunting for bugs in Apple's infrastructure under Apple's Security Bounty program.
- The group found vulnerabilities in various parts of Apple's infrastructure.
- The team has already received $51,500 in bounty payouts and is expecting even more.
A group of hackers has detailed how they spent three months hacking Apple, uncovering various vulnerabilities, and cashing in on Apple's Security Bounty program in the process.
The group, made up of Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, went after Apple's infrastructure from top to bottom over the course of three months. From the report:
The group says it found 55 vulnerabilities in total, some of them critical and the rest a mix of high, medium, and low severity. It also states that Apple had addressed "the vast majority" of the findings, usually within one or two business days and sometimes within a few hours.
The team was driven to capitalize on the program after realizing that Apple's Security Bounty Program extends beyond Apple's physical products to their web assets and infrastructure too. Curry writes:
The report goes into immense detail on the individual vulnerabilities and on the strategies used to find and attack weaknesses, and judging by the response on Twitter, it sounds like a must-read for anyone with an interest in the subject.
In conclusion, the team writes that, as of October 4, it has received four payments totaling $51,500. Specifically:
- $5,000 - Disclosing the Full Name of iCloud users via Editor Invitation on redacted
- $6,500 - Gopher/CRLF Semi-Blind SSRF with Access to Internal Corporate Environments
- $6,000 - IDOR on https://redacted/
- $34,000 - Multiple eSign environments vulnerable to system memory leaks containing secrets and customer data due to public-facing actuator heapdump, env, and trace
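The $34,000 item is worth a closer look for anyone running Java services: `heapdump`, `env` and `trace` are the endpoint names of Spring Boot Actuator, and a heap dump from a live JVM contains whatever the process holds in memory, including session tokens, database credentials and customer records, while `env` returns the resolved configuration and `trace` recent requests with their headers. The snippet below is an added illustration, not taken from the report or from any Apple system: it shows the kind of Spring Boot 1.x `application.properties` that leaves those endpoints reachable without authentication, beside a hardened Spring Boot 2.x configuration. The port, bind address and the choice of exposed endpoints are assumptions for the example.

```properties
# Added example (not from the report or any Apple system): Spring Boot Actuator
# exposure settings. Values are assumptions chosen to illustrate the contrast.

# --- Weak: Spring Boot 1.x style, everything on the application port ---
# Sensitive endpoints are served on the public listener with no authentication.
# GET /heapdump then returns a full JVM heap snapshot, /env the resolved config
# (database URLs, passwords, API keys) and /trace recent requests with headers.
management.security.enabled=false
endpoints.heapdump.sensitive=false
endpoints.env.sensitive=false
endpoints.trace.sensitive=false

# --- Hardened: Spring Boot 2.x style ---
# Expose over HTTP only what monitoring actually needs; nothing else is routed.
management.endpoints.web.exposure.include=health,info
# Disable the endpoints that leak process memory and configuration outright, so
# they are unavailable even to someone who can reach the management listener.
management.endpoint.heapdump.enabled=false
management.endpoint.env.enabled=false
management.endpoint.httptrace.enabled=false
# Serve the remaining endpoints on a separate port bound to loopback (assumed
# values), so the public-facing listener never answers /actuator/* at all.
management.server.port=9090
management.server.address=127.0.0.1
management.endpoints.web.base-path=/actuator
```

A quick external check is an unauthenticated request for the endpoint and a look at the status code and size, for example `curl -sI https://HOST/actuator/heapdump` on Spring Boot 2 or `curl -sI https://HOST/heapdump` on Spring Boot 1; a 200 with a multi-megabyte `Content-Length` on a production host is exactly the finding the report describes.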
Speaking directly to iMore, Curry said that while the team has received payouts for the issues above, it is hoping to cash in on around 30 to 40 more issues that meet the criteria specified on Apple's bounty page. One of these vulnerabilities could be worth as much as $100,000.
On Apple's Security Bounty program, Curry told us:
The news and the team's work are a testament to the success of Apple's Security Bounty program in helping researchers pin down problems in Apple's ecosystem before they turn into real-world incidents.
You can (and should) read the full report here.
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9