5 Ethical hackers discovered 55 critical and threatening vulnerabilities in apple core system which about 2/3 of the vulnerability are rated critical. There are very few less than 11 vulnerabilities rated critical, 29 are rated high, 13 are considered intermediate and the other two are considered to below.
During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources
An entire Apple Distinguished Educators Program may lead to a vulnerability. A useless stored vulnerability in cross-sites scripting could allow the actor to grab iCloud data. "Overall, it would enable an adversary or an intruder to execute any command on apple ade.apple.com's web server," white hats said.
In the meantime, researchers have also been able to establish a demonstration of how the wormable XSS loopholes are theoretically used by a hacker. The attack consists of changing a "Cascade Style Sheets" tag to be submitted to an email account of iCloud.
iCloud Account takeover ( POC )
Or the attacker can hide any data saved by the victim in his iCloud including images, videos, documents, as well as send the malicious email to everyone in the phone contacts of the victim.
"In general, Apple has listened very much to our reports, the team thanked the Cupertino's technics giant for its speedy response. The turnaround for our more sensitive accounts just took four hours between the time of submission and the time of mitigation.
Thanks for sharing