A hacker team led by a 20-year-old researcher has found 55 vulnerabilities, 11 of them critical, in Apple’s corporate network. Apple promptly fixed the vulnerabilities after they were reported over a three-month span, often within hours of the initial advisory. The company has so far processed about half of the vulnerabilities and committed to paying $288,500 for them. Once Apple processes the remainder, the total payout might surpass $500,000.
Ilia Kolochenko, Founder & CEO of web security company ImmuniWeb, Master of Legal Studies (WASHU) & MS Criminal Justice and Cybercrime Investigation (BU), comments:
“Unfortunately, there is no warranty that these vulnerabilities have not been exploited by sophisticated threat actors to silently compromise VIP victims. Worse, likely more similar vulnerabilities exist undiscovered and may be known to hacking groups that make a lot of money by their exploitation. Modern web applications open the door to corporate networks with the most critical information, and their breach can be fatal for a company.
This is an alarming reminder that even the largest tech companies considerably underestimate their web application security. Most organizations merely invest in some automated scanning tools and recurrent penetration testing without implementing a comprehensive application security program. Such a program shall include regular secure coding training for software developers, introduce security controls aimed at detecting vulnerabilities at the early stage of development (the so-called shift-left approach), and provide strict security guidelines for software developed by third parties. Finally, modern software shall incorporate privacy by design to enable seamless compliance with regulations like CCPA or GDPR.”