covering the week's top tech stories
with a slight linux bias for months
apple's corporate network was at risk of
hacks that could have stolen sensitive
data from potentially millions of its
customers
and executed malicious code on their
phones and computers
sam curry a 20 year old researcher who
specializes in website security said
that
in total he and his team found 55
vulnerabilities
he rated 11 of them critical because
they allowed him to take control of core
apple infrastructure
and from there steal private emails
icloud data and other private
information
apple promptly fixed the vulnerabilities
after curry reported them over a
three-month span
often within hours of his initial
advisory
the company has so far processed about
half of the vulnerabilities and
committed to paying 288 thousand
five hundred dollars for them once apple
processes the remainder curry said the
total payout may
surpass a half million dollars curry
said and
said in an online chat a few hours after
posting a nine thousand two hundred
dollar word
to 9 200 word write up about their
findings
if the issues were used by an attacker
apple would have faced
massive information disclosure and
integrity loss
he explains attackers would have access
to the internal tools used for managing
user information
and additionally be able to change the
systems around to work as the hackers
intend
among the most serious risks were those
posed by a wormable cross-site scripting
vulnerability in a code parser
that's used by the icloud servers
because icloud provides service to apple
mail the flaw could be exploited by
sending someone with an icloud.com
or mac.com address and email that
included malicious characters
the target need only opened the email to
be hacked
and once that happened a script hidden
inside the malicious email allowed the
hacker to carry out any actions the user
could
when accessing icloud in the browser
in a statement apple says as soon as the
researchers alerted us to the issues
they detail in the report
we immediately fixed the vulnerabilities
and took steps to prevent
future issues of this kind based on our
logs the researchers were the first to
discover the vulnerability so we feel
confident
no user data was misused big thanks to
roy w
nash and our community of viewers for
submitting stories to us this week
thanks for watching the category 5 dot
tv newsroom
don't forget to like and subscribe for
all your tech news with a slight linux
bias
and if you appreciate what we do become
a patron at patreon.com
category5 from the category 5 tv
newsroom i'm becca ferguson
you