Apple Service Ticket Portal Vulnerability Exposes Millions of Users Data
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
A critical security flaw in Apple’s service ticket portal has come to light, potentially exposing the sensitive data of millions of users.
The vulnerability, rooted in a combination of Insecure Direct Object Reference (IDOR) and privilege escalation, allowed unauthorized access to user information, including Mac serial numbers, IMEI numbers, and service ticket details.
When Virtuvil, the researcher, submitted a repair ticket using a QR code, he discovered the problem after investigating the portal’s backend capabilities.
The core issue stemmed from missing access control checks in the portal’s design.
IDOR Vulnerability: The portal assigned unique identifiers to service tickets but failed to validate whether users had permission to access those records.
For instance: A URL containing a parameter like https://service.apple.com/ticket?id=12345 could be modified by changing the id value. This allowed unauthorized access to other users’ tickets without authentication.
Privilege Escalation: Once unauthorized access was achieved, further exploitation enabled administrative privileges.This vertical privilege escalation granted control over sensitive system functionalities, such as modifying repair appointments or accessing customer databases.
Lack of Rate Limiting: The absence of rate-limiting mechanisms amplified the risk. Attackers could use automated tools like intruder scripts to iterate through ticket IDs or user parameters, systematically harvesting data at scale.
Data Exposed
The breach exposed a wide range of sensitive information:
“I accessed the request made to view my ticket and noticed that the URL contained an easily modifiable parameter — my mobile number. By changing the mobile number in the request, I was able to access another user’s ticket, bypassing any authentication measures”, the researcher said
Customer data exposed
The implications of such a vulnerability are severe where the exposure of personal details could lead to identity theft or phishing attacks. A large number of repair appointments could be canceled or changed by malicious actors.
Apple has since patched the vulnerability following its disclosure through its bug bounty program. Security updates were rolled out across affected systems, reinforcing authorization checks and implementing rate-limiting measures.
This breach serves as a stark reminder of the importance of proactive cybersecurity measures in safeguarding user data.
#Apple #Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
Apple Service Ticket Portal Vulnerability Exposes Millions of Users Data
Author: KaaviyaA critical security flaw in Apple’s service ticket portal has come to light, potentially exposing the sensitive data of millions of users.
The vulnerability, rooted in a combination of Insecure Direct Object Reference (IDOR) and privilege escalation, allowed unauthorized access to user information, including Mac serial numbers, IMEI numbers, and service ticket details.
When Virtuvil, the researcher, submitted a repair ticket using a QR code, he discovered the problem after investigating the portal’s backend capabilities.
The core issue stemmed from missing access control checks in the portal’s design.
IDOR Vulnerability: The portal assigned unique identifiers to service tickets but failed to validate whether users had permission to access those records.
For instance: A URL containing a parameter like https://service.apple.com/ticket?id=12345 could be modified by changing the id value. This allowed unauthorized access to other users’ tickets without authentication.
Privilege Escalation: Once unauthorized access was achieved, further exploitation enabled administrative privileges.This vertical privilege escalation granted control over sensitive system functionalities, such as modifying repair appointments or accessing customer databases.
Lack of Rate Limiting: The absence of rate-limiting mechanisms amplified the risk. Attackers could use automated tools like intruder scripts to iterate through ticket IDs or user parameters, systematically harvesting data at scale.
Data Exposed
The breach exposed a wide range of sensitive information:
- Customer Data: Names, contact details, and addresses.
- Device Details: Mac serial numbers, IMEI numbers, and warranty statuses.
- Service Information: Repair histories and appointment schedules.
“I accessed the request made to view my ticket and noticed that the URL contained an easily modifiable parameter — my mobile number. By changing the mobile number in the request, I was able to access another user’s ticket, bypassing any authentication measures”, the researcher said
Customer data exposedThe implications of such a vulnerability are severe where the exposure of personal details could lead to identity theft or phishing attacks. A large number of repair appointments could be canceled or changed by malicious actors.
Apple has since patched the vulnerability following its disclosure through its bug bounty program. Security updates were rolled out across affected systems, reinforcing authorization checks and implementing rate-limiting measures.
This breach serves as a stark reminder of the importance of proactive cybersecurity measures in safeguarding user data.
#Apple #Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
