The security flaws that they found in the tech giant’s infrastructure could have “allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects,” wrote Curry.
He added that the vulnerabilities could have enabled bad actors to “fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.”
Curry noted that most of the vulnerabilities they reported to Apple have been fixed as of October 6. It took as little as 4-6 hours to fix the problems.
Apple has a massive and complex infrastructure
Curry said they started scanning to determine what the Apple universe includes and what parts would be accessible to them. The results of their scanning were indexed in a dashboard along with HTTP status code, response body, headers, and a screenshot of the accessible web servers under the various domains owned by Apple.