A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.
The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications or launch a worm capable of automatically taking over a victim's iCloud account."
The flaws meant a bad actor could easily hijack a user's iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.
After they were responsibly disclosed to Apple, the iPhone maker took steps to patch the flaws within 1-2 business days, with a few others fixed within a short span of 4-6 hours.
So far, Apple has processed about 28 of the vulnerabilities with a total payout of $288,500 as part of its bug bounty program.