CommunityNews

CommunityNews

How I Found a Vulnerability to Hack iCloud Accounts and How Apple Reacted to It

This article is about how I found a vulnerability on Apple forgot password endpoint that allowed me to takeover an iCloud account. The vulnerability is completely patched by Apple security team and it no longer works. Apple Security Team rewarded me $18,000 USD as a part of their bounty program but I refused to receive it. Please read the article to know why I refused the bounty.

After my Instagram account takeover vulnerability, I realized that many other services are vulnerable to race hazard based brute forcing. So I kept reporting the same with the affected service providers like Microsoft, Apple and a few others.

Many people mistook this vulnerability as typical brute force attack but it isn’t. Here we are sending multiple concurrent requests to the server to exploit the race condition vulnerability present in the rate limits making it possible to bypass it.

Now lets see what I found in Apple.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Most Liked

OvermindDL1

OvermindDL1

Very unethical of Apple…

Where Next?

Popular Macos topics Top

First poster: bot
The Mac has always been very different from its close relative, iOS, especially when it comes to what a user is or is not allowed to run ...
New
First poster: bot
The release of Apple Silicon-based Macs at the end of last year generated a flurry of news coverage and some surprises at the machine’s p...
New
First poster: bot
Hardware Security and Biometrics System Security Encryption and Data Protection App Security Services Security Network Sec...
New
First poster: bot
What is ownership? Ownership is the responsibility of some piece of code to eventually cause a value to be destroyed. An ownership system...
New
First poster: bot
Apple has acquired about 100 companies over the last six years, the company’s chief executive Tim Cook has revealed. That works out at a...
New
First poster: bot
The Swift concurrency model intends to provide a safe programming model that statically detects data races and other common concurrency b...
New
First poster: AstonJ
Over the past few years, Apple seems increasingly willing to cooperate with authoritarian governments, uninterested in protecting its own...
New
First poster: bot
Swift is about to get its Concurrency features. Their development is going very well, with many proposals actively reviewed and a lot of ...
New
First poster: bot
Apple Makes OS X Lion and Mountain Lion Free to Download. Apple recently dropped the $19.99 fee for OS X Lion and Mountain Lion, making ...
New
First poster: bot
Why aren’t the most useful Mac apps on the App Store?. While developing a simple app that I really wanted to publish on the App Store, I...
New

Other popular topics Top

AstonJ
A thread that every forum needs! Simply post a link to a track on YouTube (or SoundCloud or Vimeo amongst others!) on a separate line an...
New
ohm
Which, if any, games do you play? On what platform? I just bought (and completed) Minecraft Dungeons for my Nintendo Switch. Other than ...
New
AstonJ
Curious to know which languages and frameworks you’re all thinking about learning next :upside_down_face: Perhaps if there’s enough peop...
New
AstonJ
Do the test and post your score :nerd_face: :keyboard: If possible, please add info such as the keyboard you’re using, the layout (Qw...
New
PragmaticBookshelf
“A Mystical Experience” Hero’s Journey with Paolo Perrotta @nusco Ever wonder how authoring books compares to writing articles?...
New
gagan7995
API 4 Path: /user/following/ Method: GET Description: Returns the list of all names of people whom the user follows Response [ { ...
New
AstonJ
Saw this on TikTok of all places! :lol: Anyone heard of them before? Lite:
New
foxtrottwist
A few weeks ago I started using Warp a terminal written in rust. Though in it’s current state of development there are a few caveats (tab...
New
New
husaindevelop
Inside our android webview app, we are trying to paste the copied content from another app eg (notes) using navigator.clipboard.readtext ...
New