CommunityNews

CommunityNews

How I Found a Vulnerability to Hack iCloud Accounts and How Apple Reacted to It

This article is about how I found a vulnerability on Apple forgot password endpoint that allowed me to takeover an iCloud account. The vulnerability is completely patched by Apple security team and it no longer works. Apple Security Team rewarded me $18,000 USD as a part of their bounty program but I refused to receive it. Please read the article to know why I refused the bounty.

After my Instagram account takeover vulnerability, I realized that many other services are vulnerable to race hazard based brute forcing. So I kept reporting the same with the affected service providers like Microsoft, Apple and a few others.

Many people mistook this vulnerability as typical brute force attack but it isn’t. Here we are sending multiple concurrent requests to the server to exploit the race condition vulnerability present in the rate limits making it possible to bypass it.

Now lets see what I found in Apple.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Most Liked

OvermindDL1

OvermindDL1

Very unethical of Apple…

Where Next?

Popular Macos topics Top

AstonJ
Nice to see the chip space being shook up - look forward to when we have 64 Core+ chips in our personal computers :nerd_face: Also good ...
New
First poster: bot
TLDR: Render Disney’s Moana scene in less than 10.000 lines of Swift code. After Walt Disney Animation Studios released the scene descri...
New
First poster: bot
Hardware Security and Biometrics System Security Encryption and Data Protection App Security Services Security Network Sec...
New
First poster: bot
Malicious hackers have been exploiting a vulnerability in fully updated versions of macOS that allowed them to take screenshots on infect...
New
First poster: bot
Swift is about to get its Concurrency features. Their development is going very well, with many proposals actively reviewed and a lot of ...
New
First poster: OvermindDL1
Meet Safari 15: redesigned and ready to help people explore the web. Discover how you can approach designing websites and apps for Safari...
New
First poster: bot
Learn how to use the brand new actor model to protect your application from unwanted data-races and memory issues.
New
First poster: bot
First Look: macOS Monterey Public Beta. If there’s a theme of Apple’s operating-system releases in 2021, it’s platform unification. This...
New
First poster: bot
Apple broke up with me :cry:. Do not get too attached to your Apple account; it belongs to Apple, NOT YOU!
New
AstonJ
Well my dev environment started to mess up so thought it was time for a clean install - I’ve been meaning to do one for a while anyway. T...
New

Other popular topics Top

PragmaticBookshelf
Learn from the award-winning programming series that inspired the Elixir language, and go on a step-by-step journey through the most impo...
New
dasdom
No chair. I have a standing desk. This post was split into a dedicated thread from our thread about chairs :slight_smile:
New
PragmaticBookshelf
Design and develop sophisticated 2D games that are as much fun to make as they are to play. From particle effects and pathfinding to soci...
New
DevotionGeo
I know that -t flag is used along with -i flag for getting an interactive shell. But I cannot digest what the man page for docker run com...
New
AstonJ
You might be thinking we should just ask who’s not using VSCode :joy: however there are some new additions in the space that might give V...
New
AstonJ
poll poll Be sure to check out @Dusty’s article posted here: An Introduction to Alternative Keyboard Layouts It’s one of the best write-...
New
AstonJ
In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first: asdf plugin-upd...
New
PragmaticBookshelf
Learn different ways of writing concurrent code in Elixir and increase your application's performance, without sacrificing scalability or...
New
CommunityNews
A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...
New
NewsBot
Node.js v22.14.0 has been released. Link: Release 2025-02-11, Version 22.14.0 'Jod' (LTS), @aduh95 · nodejs/node · GitHub
New