Friday, February 26, 11:43

Researchers earned $50,000 after breaching Apple servers!

Researchers say Apple awarded them a $50,000 reward for identifying some critical vulnerabilities that gave them access to the technology giant's servers. Harsh Jaiswal and Rahul Maini, vulnerability hunters based in India who specialize in security, said they discovered the vulnerabilities in recent months, inspired by a group of researchers who in October reported receiving hundreds of thousands of dollars from Apple after discovering 55 vulnerabilities, including ones that exposed source code, iCloud accounts, warehouse software, and employee and customer applications.

Jaiswal and Maini said their research focused on servers using a content management system (CMS) powered by Lucee, an open source scripting language designed for web application development.


According to Security Affairs, during their analysis the researchers discovered three Apple hosts that exposed Lucee's management panel, including two related to a travel portal that Apple provides to employees. Only users with valid credentials can access this portal.

The researchers discovered a Lucee configuration that gave them unauthorized access to files. In this way, they were able to create a webshell on Apple servers and execute arbitrary code. In addition, they were able to perform their tests without triggering Apple's web application firewall.


Jaiswal and Maini said Apple decided to give them a $50,000 bug bounty after they informed it of the vulnerabilities they had identified. They also contacted the Lucee developers, who likewise took some steps to prevent malicious attacks.

The researchers also noted that Apple immediately corrected the reported vulnerabilities, but asked them not to disclose the issue before it had made some changes.

Pohackontas