The American company Apple (Apple) celebrated an Algerian young man who exposed one of the most dangerous vulnerabilities in its security system, twice including his name in the honor list published on its website.
Via Apple’s technical support website – “Apple publishes this list to thank those who have reported security issues with our web servers. The company publishes vulnerabilities found every 3 months after the problem is identified and fixed”. It contains the names of people who reported the damage, including Abdul Qader Moyes.
Describing the achievement, Moise wrote, “Praise be to God, by whose grace good works are accomplished, today is one of the best achievements of my career and I will be proud to have done it twice.”
Bloggers and tweeters on social media platforms praised what Moise did and called on the Algerian authorities to pay more attention to his skills and nurture them in order to exploit them in the future.
Abdulkhader published a blog post last month saying that he had been able to prove that the loopholes were real, had an impact, and that Apple had agreed and offered a financial reward.
Cross-site programming
The Algerian hacker identified the type of vulnerability he discovered as cross-site scripting, or “xss” for short.
This type of attack works on computer systems, and we find it especially in Internet applications called injection programming, in which some hackers insert some code into pages that others view.
They try to manipulate some key principles in the system, such as access control, or try to capture sensitive and important information.
According to the explanation published by Moez, the two vulnerabilities used the same technology, but the second most dangerous vulnerability was an administrator’s account, not a normal user’s account, which allowed him to access sensitive information about certain users.
Moise continued on his Facebook page that these loopholes appear to be on Apple sites and not limited to the American company’s phones or other devices.
Apple has announced advancements in its products
The disclosure comes as Apple recommended that owners of certain versions of “iPhone” phones, “iPad” tablets and “Mac” computers update their driver software containing a security flaw that allowed them to control these devices.
According to the American company’s website, the problem affects the sixth and subsequent versions of the iPhone, all iPad Pro devices, the fifth generation and later generations of iPad, and all Mac computers.
Apple revealed that a previous version of the driver contained “an application that allows the use of arbitrary code” that would give access to the device and allow a hacker to manipulate it.
Apple indicated that information hackers “may exploit this possibility” without further details.
They added that this vulnerability could be exploited with “malicious Internet content”.
To fix the bug, Apple requested users to download version “15.6.1” of the “iOS” driver for “iPhone” and “iPad OS” phones as well as “iPad” and “Mac OS Monterey” versions “12.5”. ” .1 for Mac computers.
the source : Websites + Social media
Problem solver. Incurable bacon specialist. Falls down a lot. Coffee maven. Communicator.