Researcher Claims Apple Downplayed Severity of iCloud Account Takeover Vulnerability (Security News, June 2021)
A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw.
The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the 'forgot password' functionality for Apple accounts.
The researcher discovered that an attacker could send the requests using cloud services that are not blocked, enabling them to brute-force the 6-digit code and gain access to the targeted iCloud account.
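As an added illustration (not Apple's code or the researcher's), the toy model below shows why a throttle keyed on the request's source fails once requests arrive from many sources, while a budget keyed on the account itself holds; the class, the helper and the constructed code value are assumptions:

```python
import hmac
from collections import defaultdict

ATTEMPT_BUDGET = 5  # failed guesses allowed before the reset code is burned


class ResetCodeVerifier:
    """Constructed model of a 6-digit password-reset code check.

    limit_per_account=False counts failures per (account, source) pair,
    which is what an IP-based throttle amounts to; limit_per_account=True
    counts failures per account no matter where the request comes from.
    """

    def __init__(self, limit_per_account: bool):
        self.limit_per_account = limit_per_account
        self.codes = {}                    # account -> pending reset code
        self.failures = defaultdict(int)   # throttle key -> failed guesses

    def issue(self, account: str, code: str) -> None:
        assert len(code) == 6 and code.isdigit()
        self.codes[account] = code

    def verify(self, account: str, source: str, guess: str) -> str:
        """Return 'ok', 'wrong' or 'locked'."""
        if account not in self.codes:
            return "locked"                # no live code, nothing to check
        key = account if self.limit_per_account else (account, source)
        if self.failures[key] >= ATTEMPT_BUDGET:
            return "locked"
        if hmac.compare_digest(self.codes[account], guess):
            del self.codes[account]        # single use
            return "ok"
        self.failures[key] += 1
        if self.limit_per_account and self.failures[key] >= ATTEMPT_BUDGET:
            del self.codes[account]        # burn it; the user must request anew
        return "wrong"


def wrong_guesses_evaluated(verifier, account: str, n_sources: int) -> int:
    """Control test: how many known-wrong guesses does the verifier still
    evaluate when every request arrives from a different source?"""
    evaluated = 0
    for i in range(n_sources):
        if verifier.verify(account, f"src-{i}", "000000") != "wrong":
            break                          # 'locked': the control kicked in
        evaluated += 1
    return evaluated
```

With a source-keyed throttle the count equals the number of distinct sources; with the account-keyed budget it stops at ATTEMPT_BUDGET regardless of how many sources are used.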
The researcher claimed Apple did not notify him when it fixed the issue.
"If they did patch it after my report, the vulnerability became a lot more severe than what I initially thought. Through brute forcing the passcode, we [would] be able to identify the correct passcode by differentiating the responses. So we not only can take over any iCloud account but also discover the passcode of the Apple device associated with it. Even though the attack is complex, this vulnerability could hack any iPhone / iPad that has a 4 digit / 6 digit numeric passcode if my assumption is right," he says.
Apple offered the researcher an $18,000 bug bounty reward, but he refused it, saying that the company significantly downplayed the impact of the flaw and that it should have awarded him $100,000 or even as much as $350,000.