CommunityNews

How I Found a Vulnerability to Hack iCloud Accounts and How Apple Reacted to It

This article is about how I found a vulnerability in Apple's forgot-password endpoint that allowed me to take over an iCloud account. The vulnerability has been completely patched by the Apple security team and no longer works. Apple's Security Team rewarded me $18,000 USD as part of their bounty program, but I refused to receive it. Please read the article to know why I refused the bounty.

After my Instagram account takeover vulnerability, I realized that many other services are vulnerable to race-hazard-based brute forcing. So I kept reporting the same issue to the affected service providers, such as Microsoft, Apple, and a few others.

Many people mistook this vulnerability for a typical brute-force attack, but it isn't. Here we are sending multiple concurrent requests to the server to exploit the race condition present in the rate limits, making it possible to bypass them.

Now let's see what I found in Apple.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.
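As an added illustration of the vulnerability class the excerpt describes (example code written for this thread, not from the article or from any Apple system): a check-then-increment rate limiter with no atomicity, next to one that holds its limit under concurrent requests. The `race_window` hook, the `account-123` key and the limit/request counts are all constructed for the demonstration; the barrier only stands in for real server-side latency so the interleaving is reproducible.

```python
import threading

class NaiveRateLimiter:
    """Vulnerable: read the counter, compare, write it back, with nothing
    making the three steps atomic, so concurrent readers share a stale count."""
    def __init__(self, limit, race_window=lambda: None):
        self.limit, self.attempts = limit, {}
        # Hypothetical hook standing in for the real gap between check and
        # increment (e.g. a datastore round trip); a no-op by default.
        self.race_window = race_window

    def allow(self, key):
        count = self.attempts.get(key, 0)      # check
        if count >= self.limit:
            return False
        self.race_window()                     # concurrent requests pile up here
        self.attempts[key] = count + 1         # increment with a stale count
        return True

class AtomicRateLimiter:
    """Mitigation: check and increment form one critical section."""
    def __init__(self, limit):
        self.limit, self.attempts = limit, {}
        self.lock = threading.Lock()

    def allow(self, key):
        with self.lock:
            count = self.attempts.get(key, 0)
            if count >= self.limit:
                return False
            self.attempts[key] = count + 1
            return True

def count_allowed(limiter, key, n):
    """Fire n concurrent requests for one key; return how many got through."""
    results = [False] * n
    def worker(i):
        results[i] = limiter.allow(key)
    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads: t.start()
    for t in threads: t.join()
    return sum(results)

def demo(limit=5, n=20):
    # Barrier: every request reads the counter before any writes it back,
    # which makes the race deterministic. "account-123" is a constructed key.
    barrier = threading.Barrier(n)
    naive = NaiveRateLimiter(limit, race_window=barrier.wait)
    return (count_allowed(naive, "account-123", n),
            count_allowed(AtomicRateLimiter(limit), "account-123", n))
```

With sequential requests the naive limiter behaves correctly, which is why such bugs pass ordinary testing; only the concurrent burst exposes it, and the fix is to make the check and the increment one atomic operation (a lock here, an atomic increment or conditional write in a shared datastore).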

Most Liked

OvermindDL1

Very unethical of Apple…
