Wormable Apple iCloud Bug Allows Automatic Photo Theft
Ethical hackers so far have earned nearly $300K in payouts from the Apple bug-bounty program for discovering 55 bugs, 11 of them critical, during a three-month hack.
A group of ethical hackers cracked open Apple’s infrastructure and systems and, over the course of three months, discovered 55 vulnerabilities, a number of which would have given attackers complete control over customer and employee applications.
Of note, a critical, wormable iCloud account takeover bug would allow attackers to automatically steal all of a victim’s documents, photos, videos and more.
The discovery by hackers Sam Curry, Brett Buerhaus, Ben Sadeghipour, Samuel Erb and Tanner Barnes demonstrated key weaknesses in the company’s “massive” infrastructure while it also earned the team nearly $300,000 to date in rewards for their efforts, Curry wrote in an extensive blog post detailing the team’s findings.