10/13/2023

Top ios shortcuts 2021

CloudKit, the data storage framework by Apple, has various access controls. These access controls could be misconfigured, even by Apple themselves, which affected Apple’s own apps using CloudKit. This blog post explains in detail three bugs found in iCrowd+, Apple News and Apple Shortcuts with different criticality uncovered by Frans Rosen while hacking CloudKit. All bugs were reported to and fixed by the Apple Security Bounty program.

Intro

Ever since the fantastic “We Hacked Apple for 3 Months” article by Ziot, Sam, Ben, Samuel and Tanner, I wanted to approach Apple myself, looking for bugs with my own mindset. The article they wrote is still one of the best inspirational posts I’ve ever read and it’s still a post I regularly go back to for more info.

In the middle of February this year I had the ability to spend some time and I decided to go all in on hunting bugs on Apple.

If you’ve been in and out of bug hunting you might recognize the same kind of feeling I had. I felt that I sucked, that I could not find anything interesting. Ben and the team had already found all the bugs, right? It took me three days, three days of fighting the imposter syndrome, feeling worthless and almost stressed by not getting anywhere. I was intercepting requests all over the place, modifying things cluelessly and expecting miracles.

On the third day, I started to connect the dots, realized how certain assets connected to other assets, and started to understand more how things worked. This is when some of the first bugs popped up, finally restoring my self-esteem a bit, making me more relaxed and focused going forward. I dug up an old jailbroken iPad I had, which allowed me to proxy all content through my laptop. I downloaded all Apple-owned apps and started looking at the traffic.