This video explains a bug bounty report submitted to the Apple bug bounty program by Frans Rosén. The vulnerability was a lack of access control, and it caused shared Apple shortcuts to stop working globally for a few days. Despite that, the bug hunter was awarded a $28,000 bounty for this report.


Report:
https://labs.detectify.com/2021/09/13/hacking-cloudkit-how-i-accidentally-deleted-your-apple-shortcuts/

Reporter’s Twitter:
https://twitter.com/fransrosen

Follow me on Twitter:
https://twitter.com/gregxsunday

Timestamps:
00:00 Intro
00:25 Detectify – the sponsor of the video
01:17 Apple shortcuts and CloudKit Database
04:20 Access control in Apple Shortcuts
05:57 Whoops…
