A group of "white hat hackers" discovered 55 vulnerabilities in Apple services


The total reward for discovered vulnerabilities was $288,000.

A group of “white hat hackers” hacked Apple services for three months to identify weaknesses in their security system. Researchers have identified 55 vulnerabilities, some of which can be classified as critical.
“When we started this study, we had no idea that it would take just over three months to complete. We originally intended it to be a side project that we would work on periodically, but thanks to free time due to the pandemic, we each put several hundred hours into it,” Curry writes.

According to the hacker, his team was able to discover security problems in the key infrastructure of some Apple applications.

Apple responded quickly and immediately began fixing the problems. Some vulnerabilities were closed just four hours after they became known. The total amount of money the researchers received was $51,500. This included $5,000 for discovering a vulnerability that discloses the full name of an iCloud user, $6,000 for an Insecure Direct Object Reference (IDOR) vulnerability, $6,500 for a method of gaining access to internal corporate environments and $34,000 for detecting system memory leaks containing user data.
A few hours after publication on the portal, Apple increased the payment amount to $288,500 for five. Sam Curry confirmed that Apple has settled with the hackers for 32 of the 55 bugs found.
The most dangerous vulnerability discovered allows an attacker to automatically steal photos, videos and documents from the victim’s iCloud account, as well as the victim’s contact list.
With the permission of the Apple security service, the researchers published a detailed report describing the vulnerabilities found, the methods used to detect them and the possibilities for exploitation.
Last year, computer security experts at Google said that thousands of iPhone devices had been compromised using a vulnerability that had been seen in almost every version from iOS 10 to the latest iOS 12. The Project Zero team, a division of Google that tries to find and report security vulnerabilities in popular systems, confirmed that it had found evidence of mass hacking attempts on iPhones, which were likely to have affected thousands of people over the past couple of years.