Two Turkish Software Developers Find Two Apple Vulnerabilities



Working as a backend developer at Masomo, Rıza Sabuncu and his friend Ertuğrul discovered two different vulnerabilities in different Apple systems through their own efforts. Rıza and Ertuğrul, who reported the flaws they found to the technology giant, were rewarded with $2,500 and $5,000, respectively.

Technology companies run reward programs to quickly fix gaps in their services, which consist of millions of lines of code. These are known as "bug bounty" programs, or "bug hunting" in Turkish. Software developers who are interested in cyber security or system vulnerabilities report the vulnerabilities they find to giant companies. Recently, software developers in Turkey have also been taking part in bug bounty programs.

Not long ago, just last May, Rıza Sabuncu found an Apple vulnerability and was rewarded with $7,500 at the end of the process. About 1 month ago, he found another Apple vulnerability. When we reached him, he stated that the gap in question was "on a cloud service where Apple's address formatting configurations (setting files) are required for development and where usernames and passwords are stored".

Then, for 15 days, he tested a total of thousands of Apple's subdomains by sending billions of HTTP requests. Rıza, who reported the situation to Apple in detail, stated that the vulnerability was resolved within approximately 3 hours. Normally, it takes months for Apple to review a report, reach out to the discoverer, work together if necessary and announce the award, but the whole process took 1 month for this vulnerability that Rıza discovered. This shows how critical the vulnerability he found is for Apple.


Another bounty hunter and friend of Rıza, 18-year-old Ertuğrul, found a vulnerability in Apple's iTunes service on a domain name. Stating that he discovered the vulnerability in about 1 hour on June 3 and that even Apple IDs could be affected as a result, Ertuğrul reported the details to Apple with video evidence within 1.5 hours. Apple partially fixed the vulnerability within the first 24 hours to prevent users from being affected, then the problem was completely eliminated on August 13 with regular updates.

Both software developers accepted the awards given:
