1
00:00:01,680 --> 00:00:03,669
Covering the week's top tech stories

2
00:00:03,679 --> 00:00:06,710
with a slight Linux bias. For months,

3
00:00:06,720 --> 00:00:08,710
Apple's corporate network was at risk of

4
00:00:08,720 --> 00:00:10,470
hacks that could have stolen sensitive

5
00:00:10,480 --> 00:00:12,549
data from potentially millions of its

6
00:00:12,559 --> 00:00:13,350
customers

7
00:00:13,360 --> 00:00:15,350
and executed malicious code on their

8
00:00:15,360 --> 00:00:17,109
phones and computers.

9
00:00:17,119 --> 00:00:19,429
Sam Curry, a 20-year-old researcher who

10
00:00:19,439 --> 00:00:21,670
specializes in website security, said

11
00:00:21,680 --> 00:00:22,310
that

12
00:00:22,320 --> 00:00:24,950
in total he and his team found 55

13
00:00:24,960 --> 00:00:26,390
vulnerabilities.

14
00:00:26,400 --> 00:00:29,109
He rated 11 of them critical because

15
00:00:29,119 --> 00:00:30,950
they allowed him to take control of core

16
00:00:30,960 --> 00:00:32,389
Apple infrastructure

17
00:00:32,399 --> 00:00:34,549
and from there steal private emails,

18
00:00:34,559 --> 00:00:36,470
iCloud data and other private

19
00:00:36,480 --> 00:00:37,990
information.

20
00:00:38,000 --> 00:00:40,069
Apple promptly fixed the vulnerabilities

21
00:00:40,079 --> 00:00:41,830
after Curry reported them over a

22
00:00:41,840 --> 00:00:43,190
three-month span,

23
00:00:43,200 --> 00:00:45,029
often within hours of his initial

24
00:00:45,039 --> 00:00:46,229
advisory.

25
00:00:46,239 --> 00:00:48,229
The company has so far processed about

26
00:00:48,239 --> 00:00:49,670
half of the vulnerabilities and

27
00:00:49,680 --> 00:00:52,150
committed to paying 288 thousand

28
00:00:52,160 --> 00:00:55,029
five hundred dollars for them. Once Apple

29
00:00:55,039 --> 00:00:56,950
processes the remainder, Curry said, the

30
00:00:56,960 --> 00:00:57,990
total payout may

31
00:00:58,000 --> 00:01:00,950
surpass a half million dollars, Curry

32
00:01:00,960 --> 00:01:01,670
said and

33
00:01:01,680 --> 00:01:04,070
said in an online chat a few hours after

34
00:01:04,080 --> 00:01:05,590
posting a nine thousand two hundred

35
00:01:05,600 --> 00:01:06,310
dollar word

36
00:01:06,320 --> 00:01:09,750
to 9,200-word write-up about their

37
00:01:09,760 --> 00:01:10,870
findings.

38
00:01:10,880 --> 00:01:13,670
If the issues were used by an attacker,

39
00:01:13,680 --> 00:01:14,710
Apple would have faced

40
00:01:14,720 --> 00:01:16,469
massive information disclosure and

41
00:01:16,479 --> 00:01:17,910
integrity loss,

42
00:01:17,920 --> 00:01:19,910
he explains. Attackers would have access

43
00:01:19,920 --> 00:01:22,070
to the internal tools used for managing

44
00:01:22,080 --> 00:01:23,590
user information

45
00:01:23,600 --> 00:01:25,350
and additionally be able to change the

46
00:01:25,360 --> 00:01:27,190
systems around to work as the hackers

47
00:01:27,200 --> 00:01:28,469
intend.

48
00:01:28,479 --> 00:01:30,390
Among the most serious risks were those

49
00:01:30,400 --> 00:01:32,789
posed by a wormable cross-site scripting

50
00:01:32,799 --> 00:01:35,030
vulnerability in a code parser

51
00:01:35,040 --> 00:01:37,590
that's used by the iCloud servers.

52
00:01:37,600 --> 00:01:39,830
Because iCloud provides service to Apple

53
00:01:39,840 --> 00:01:41,510
Mail, the flaw could be exploited by

54
00:01:41,520 --> 00:01:43,990
sending someone with an icloud.com

55
00:01:44,000 --> 00:01:46,469
or mac.com address an email that

56
00:01:46,479 --> 00:01:48,950
included malicious characters.

57
00:01:48,960 --> 00:01:51,030
The target need only open the email to

58
00:01:51,040 --> 00:01:52,069
be hacked,

59
00:01:52,079 --> 00:01:53,910
and once that happened, a script hidden

60
00:01:53,920 --> 00:01:55,670
inside the malicious email allowed the

61
00:01:55,680 --> 00:01:58,149
hacker to carry out any actions the user

62
00:01:58,159 --> 00:01:58,870
could

63
00:01:58,880 --> 00:02:02,870
when accessing iCloud in the browser.

64
00:02:02,880 --> 00:02:05,109
In a statement, Apple says, "As soon as the

65
00:02:05,119 --> 00:02:06,870
researchers alerted us to the issues

66
00:02:06,880 --> 00:02:08,389
they detail in the report,

67
00:02:08,399 --> 00:02:10,550
we immediately fixed the vulnerabilities

68
00:02:10,560 --> 00:02:11,750
and took steps to prevent

69
00:02:11,760 --> 00:02:14,550
future issues of this kind. Based on our

70
00:02:14,560 --> 00:02:16,229
logs, the researchers were the first to

71
00:02:16,239 --> 00:02:18,070
discover the vulnerability, so we feel

72
00:02:18,080 --> 00:02:18,710
confident

73
00:02:18,720 --> 00:02:21,910
no user data was misused." Big thanks to

74
00:02:21,920 --> 00:02:22,550
Roy W.

75
00:02:22,560 --> 00:02:24,229
Nash and our community of viewers for

76
00:02:24,239 --> 00:02:26,470
submitting stories to us this week.

77
00:02:26,480 --> 00:02:28,390
Thanks for watching the Category 5 dot

78
00:02:28,400 --> 00:02:29,670
TV newsroom.

79
00:02:29,680 --> 00:02:31,509
Don't forget to like and subscribe for

80
00:02:31,519 --> 00:02:33,430
all your tech news with a slight Linux

81
00:02:33,440 --> 00:02:34,229
bias,

82
00:02:34,239 --> 00:02:35,990
and if you appreciate what we do, become

83
00:02:36,000 --> 00:02:38,710
a patron at patreon.com

84
00:02:38,720 --> 00:02:41,830
category5. From the Category 5 TV

85
00:02:41,840 --> 00:03:01,270
newsroom, I'm Becca Ferguson.

86
00:03:01,280 --> 00:03:03,360
you