Bug bounties prohibit destructive behavior but sometimes sh!t happens! #bugbounty #cybersecurity #e
Ethical hackers are meant to do no harm, but sometimes things don't go quite as planned. This is exactly what happened to Frans Rosén on his way to making $28,000 with an Apple Shortcuts bug. Here's what happened:
Apple CloudKit acts as storage for lots of Apple products like iCloud and Shortcuts. Frans was exploring the different permissions apps have when talking to CloudKit: some can modify, some can delete, others can't. When coming in directly from Shortcuts, he didn't have much luck, but when coming in from iCloud while pretending to be Shortcuts, something crazy happened.
He attempted to delete the shortcut zone from iCloud, and Apple said "deleted: true." Immediately, everyone globally noticed Shortcuts were broken. Of course, Apple asked Frans to please stop, but they recognized that this was an accident, and they still paid $28,000 for the bug.
Keywords
- Ethical hackers
- Bug bounty
- Frans Rosén
- Apple CloudKit
- iCloud
- Shortcuts
- Permissions
- Deleted
- Accident
- $28,000
FAQ
Q1: What is Apple CloudKit?
A1: Apple CloudKit is a storage service for many Apple products such as iCloud and Shortcuts.
Q2: Who is Frans Rosén?
A2: Frans Rosén is an ethical hacker who discovered a vulnerability in Apple's CloudKit, which led to the global malfunction of the Shortcuts app.
Q3: How did Frans Rosén discover the bug?
A3: Frans discovered the bug while exploring the different permissions apps have in CloudKit, particularly by pretending to be Shortcuts when coming from iCloud.
Q4: What happened when Frans tried to delete the shortcut zone from iCloud?
A4: iCloud responded with "deleted: true," causing the Shortcuts app to break globally.
Q5: How did Apple respond to the bug discovery?
A5: Apple asked Frans to stop the activity immediately, but they still recognized it was an accident and rewarded him $28,000 for identifying the bug.
Q6: Did Frans intend to harm the system?
A6: No, the disruption was an accidental consequence of testing Apple's CloudKit permissions.
Q7: How much did Apple pay Frans for the identified bug?
A7: Apple paid Frans $28,000 for discovering the bug.