
55 New Security Flaws Reported in Apple Software and Services
2020-10-09 02:06

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws - including 29 high-severity, 13 medium-severity, and 2 low-severity vulnerabilities - could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources."

Apple has processed about 28 of the vulnerabilities with a total payout of $288,500 as part of its bug bounty program.

One of the impacted Apple domains was the Apple Distinguished Educators site, which allowed an authentication bypass using a default password, permitting an attacker to access the administrator console and execute arbitrary code.

A separate vulnerability was also discovered in the Apple Books for Authors service, which authors use to help write and get their books published on the Apple Books platform.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/UwDWbo3PPuU/apple-security.html

Related vendor

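| VENDOR | LAST 12M #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|--------|---------------------|-----|--------|------|----------|-------------|
| Apple  | 68                  | 212 | 1433   | 2208 | 257      | 4110        |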