After discovering a series of security holes in Apple’s network, a hacker group was awarded nearly 7 billion VND by Apple

Tram Ho

Security is one of the strongest points of Apple’s product ecosystem. However, the tech giant itself faces considerable risk of leaking sensitive data and losing the information of millions of customers through its own online infrastructure. Apple has therefore actively cooperated with and rewarded many white hat hacker organizations through bug-bounty programs, which help it detect and fix serious security vulnerabilities.

Recently, Sam Curry, who is only 20 years old this year, and his hacker team discovered a total of 55 security flaws in Apple’s data system. He assessed 11 of them as particularly serious bugs that would allow him (and any criminal) to take control of Apple’s infrastructure and thereby steal emails, iCloud data, and much of other people’s personal information.


The white hat hacker group led by Sam Curry has uncovered a lot of serious security flaws in Apple’s online infrastructure.

Sharing on his personal blog, Sam said: “I have never participated in any error-receiving program organized by Apple, so I’m not sure if I can make porridge or porridge. However, I still decided to try my luck once to see what errors I would find. We do not know how the bug-bounty program that Apple organizes, nor do they know how they will pay, but the team still decided to take a shot.”

Over the next several months, Sam and his associates, including Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes, worked continuously on the program. One of the most serious vulnerabilities they discovered could allow hackers to steal iCloud files and launch malicious code that can automatically attack and take control of a victim’s iCloud account. The potential victims include not only millions of Apple’s customers worldwide, but also employees who work for the tech giant.

After receiving the report from Sam’s hacker group, Apple immediately took action to deal with the most serious security vulnerabilities, and awarded him a reward worth $288,000 (more than 6.6 billion dong). However, Sam said that once all 55 vulnerabilities he discovered have been fixed, Apple would probably have to pay up to $500,000 (nearly 11.6 billion dong) to his entire team.


Apple did not hesitate to spend a huge amount of money to reward Sam and colleagues for their valuable discoveries.

While participating in the bug-bounty program, in addition to the huge bonuses, Sam and his colleagues also got a detailed look at Apple’s vast online infrastructure. Specifically, the company owns more than 25,000 web servers and more than 7,000 different domain names. Among these, they discovered a lot of security flaws by searching through lesser-known Apple servers, such as Distinguished Educators.

Cybersecurity experts who reviewed the study by Sam’s team said that many of the flaws they discovered are serious and worrying. This also partly reflects the obvious challenges that Apple faces as one of the companies maintaining such a huge online infrastructure. Tim Mackey, a security expert at Synopsys Cyber Security Research Center, said: “The problems in Apple’s online system are proof that the bigger organizations get, the more difficulties they have in protecting their infrastructure.”


As one of the most valuable companies in the world today, Apple is also facing many security and cybersecurity problems because it has to manage a huge infrastructure.

In addition, Apple representatives said they always appreciate the efforts of white-hat hacker organizations in the field of security and cybersecurity. At the same time, they claim that all the critical vulnerabilities were quickly fixed, and that there is no evidence that criminals have used them for their own gain.

“We are very careful in protecting our networks and have a dedicated team of security experts to quickly handle the most serious issues promptly,” a spokesman for Apple said. “Immediately after receiving the report from the researchers, we will immediately release the necessary patches, and devise strategies to avoid repeated mistakes in the future. We take our working relationship with such security organizations very seriously so that we can protect our customers. We recognize their contributions and will reward them properly in accordance with our Bounty program.”

According to BusinessInsider


Source : Genk