Apple Hacked Again—These 2 Hackers Can’t Stop Finding Security Flaws | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

There is no such thing as 100% hacker-proof security. Even technology companies with a reputation for building ‘better’ security and privacy into their products—yes, I’m talking about Apple—know this. So, the fact that an Apple platform got hacked isn’t that surprising in the grand scheme of things: the response from the Apple Security team, however, was.

ForbesMystery Apple ID Password Resets Strike iPhone, iPad, Mac Users

Who Hacked Apple?

Most often, you’ll find me saying that it’s too early in the incident investigation or attribution isn’t that important when dealing with the hacking of a technology behemoth such as Apple. On this occasion, however, I can tell you right now who did it: Harsh Jaiswal and Rahul Maini from HTTPVoid Research. The two security researchers already have some history when it comes to hacking Apple, as they did just that back in 2021 by exploiting a zero-day vulnerability with the content management system used on the Apple platform. That exploit earned the two bug bounty hunters a $50,000 reward from Apple. There’s no mention of any bounty payment in the duo’s write-up at another project called Project Discovery of how they hacked Apple on 8 May in an article titled Hacking Apple – SQL Injection to Remote Code Execution however.

How Did These Two Security Researchers Hack Apple?

In February, the researchers posted an article explaining how they had, once again, found a way to hack Apple. That exploit revolved around Lucee, an Adobe ColdFusion server that uses fewer resources and delivers better performance. Specifically, the pair explored the source code of the MASA/Mura content management system employed with Lucee. Then, the vulnerabilities they found enabled them to gain remote code execution “on multiple Apple servers.”

ForbesDell Confirms Database Hacked-Hacker Says 49 Million Customers Hit

Fast-forward to now, and the researchers have explained how they devoted more time to exploring that CMS source code, motivated by the expansive potential attack surface it exposed. After just one week they “stumbled upon several entry points for exploitation,” including a critical SQL injection vulnerability that enabled them to hack the Apple Travel portal. Read the excellent analysis of the whole procedure at the Project Discovery site if you want the full technical details of how this went down. Suffice it to say, they were able to reset an admin user password for the Apple platform via a SQL injection attack, then use that password reset endpoint with exfiltrated info.

Apple Fixed The Vulnerability Within 2 Hours Of It Being Reported

Because these are the kind of hackers that we need out there looking for stuff like this, they promptly submitted a report to Apple along with the proof of concept demonstration showing them logging into an Apple admin account. “Our exploration of Masa/Mura CMS has been a rewarding journey,” Jaiswal and Maini said, “revealing critical vulnerabilities.” Both Apple and Mura CMS responded equally promptly to implement a fix. In the case of Apple, this took less than 2 hours following the submission of the vulnerability report. “As always, working with Apple has been a good collaboration,” the researchers concluded. Masa CMS, an open-source fork of the Mura CMS, also responded quickly and transparently, releasing a new version of the code. The researchers report that “despite numerous attempts to reach out,” they were unable to get a response from the Mura CMS team and have waited the requisite 90 days before publishing these details. I have reached out to both Apple and Mura CMS and will report back with any statements should they be provided.

ForbesDropbox Warns Hacker Accessed Customer Passwords And 2FA Data


Click Here For The Original Story From This Source.


National Cyber Security