Apple Paid $288,500 to Ethical Hackers to Hack Their System and Find Flaws

A group of hackers has been awarded nearly $300,000 by Apple for discovering 55 vulnerabilities in the company’s systems.

The group, Sam Curry and four others (Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes), spent three months hacking Apple platforms and services to discover the vulnerabilities. Of the 55 vulnerabilities they found, 11 were rated critical severity, 29 high severity, 13 medium severity, and 2 low severity.

These security bugs allowed the researchers to break into Apple’s core infrastructure, which could have given them access to the company’s private data.

So far, Apple has paid the team $288,500, covering more than half of the vulnerabilities. One of the team members, Sam Curry, said the total payout might surpass $500,000 once Apple pays out for the rest.

“During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would’ve allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources,” the hackers said.

“If the issues were used by an attacker, Apple would’ve faced massive information disclosure and integrity loss,” Curry said in an online chat a few hours after posting a 9,200-word writeup titled We Hacked Apple for 3 Months: Here’s What We Found. “For instance, attackers would have access to the internal tools used for managing user information and additionally be able to change the systems around to work as the hackers intend.”

The hackers performed the work under Apple’s bug bounty program. Sam Curry said in a statement: “This was surprising to me as I previously understood that Apple’s bug bounty program only awarded security vulnerabilities affecting their physical products and did not pay out for issues affecting their web assets.”

As part of Apple’s Security Bounty Program, the group has already received considerable payments for some of their work. As of Sunday, October 4, the team had received four payments totalling $51,500: $5,000 for revealing the full names of iCloud users, $6,000 for finding IDOR vulnerabilities, $6,500 for access to internal corporate environments, and $34,000 for discovering system memory leaks containing customer data.

Apple has been investing heavily in its bug bounty program since last year. Security researchers now have the chance to receive up to one million dollars per vulnerability, depending on the nature and severity of the bug.
