$28k IDOR that broke Apple Shortcuts – Apple bug bounty
https://www.detectify.com/BBRE
This video explains a bug bounty report submitted to the Apple bug bounty program by Frans Rosén. The vulnerability was a lack of access control, and it caused shared Apple Shortcuts to stop working globally for a few days. Despite that, the bug hunter was awarded a $28,000 bounty for this report.
Report:
https://labs.detectify.com/2021/09/13/hacking-cloudkit-how-i-accidentally-deleted-your-apple-shortcuts/
Reporter's Twitter:
https://twitter.com/fransrosen
Follow me on Twitter:
https://twitter.com/gregxsunday
Timestamps:
00:00 Intro
00:25 Detectify – the sponsor of the video
01:17 Apple Shortcuts and CloudKit Database
04:20 Access control in Apple Shortcuts
05:57 Whoops…