‘We Hacked Apple for 3 Months: Here’s What We Found’

Sam Curry:

Between the period of July 6th to October 6th myself, Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes worked together and hacked on the Apple bug bounty program. […] During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. […] As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).

This is some truly eye-popping stuff. Read-only access to the source code to iOS and MacOS? That’s a far cry from read-write access, but still well into “wow” territory. Hacker News has good commentary, including this sub-thread with perspective from Thomas Ptacek on the economics of bug bounty hunting.

Thursday, 8 October 2020