Kulgam techie enters Apple ‘Hall of Fame’ for data leak find
Irfan Tramboo
Srinagar, Oct 1: In a display of ethical hacking prowess, 21-year-old Muneeb Amin Bhat, hailing from Zungalpora village in South Kashmir’s Kulgam, has secured a coveted place in Apple’s ‘Hall of Fame.’
The tech giant acknowledged Muneeb’s contribution as a security researcher, recognizing his role in uncovering a vulnerability within Apple’s systems that had the potential to lead to an iCloud data breach.
Muneeb told Excelsior that the vulnerability he identified exposed sensitive iCloud data, encompassing personal photos, videos, PDF files, zip files, Apple Keynote files, calendar information, presentation files, as well as usernames and email addresses of iCloud users.
Initially, he stumbled upon data from approximately 50,000 users. However, he said, further investigation revealed that the attack vector extended to a much larger user base.
“This issue was not confined to just those 50,000 users; it affected almost all users, with new user data being compromised daily. I reported this to Apple promptly three months ago, and they acknowledged my findings,” he stated.
The techie collaborated closely with Apple to comprehend the vulnerability, including its potential for exploitation and replication. Following rigorous analysis and testing, Apple issued a service update to rectify the issue.
“After confirming the successful implementation of the fix, Apple recently acknowledged my efforts and featured me in their Hall of Fame on their official website, acknowledging my contribution as a security researcher. They also mentioned the possibility of a bounty, which is currently under review by their team,” he announced.
Acknowledging those who contributed to securing its systems in August 2023, Apple published a page on its official website on September 7, 2023, titled ‘Apple web server security acknowledgments’, naming Muneeb along with several others from across the world.
“Apple publishes this article to acknowledge and thank those who reported potential security issues in our web servers. Credit is added after the issue has been identified and addressed,” it reads.
Over the years, Muneeb has established himself as a bug bounty hunter, ethically uncovering vulnerabilities in numerous companies, including industry giants such as Apple, Oracle, Intel, McDonald’s, and USAA Bank.
Originally pursuing a B.Tech degree at SSM College, he decided to forgo it to pursue his passion and interest in cybersecurity. Currently enrolled in BCA through IGNOU, he has set his sights on the OSCF exam, a highly respected certification in the field of cybersecurity.
Muneeb emphasized that what sets ethical hacking apart is the responsible disclosure of security vulnerabilities.
“When I identify these flaws, I report them to the affected organizations, assisting them in securing their systems. In return, I have received numerous Hall of Fame mentions, bounties worth lakhs, and other rewards,” he emphasized.
He pointed out that in today’s digital landscape, cybersecurity is paramount, even for companies with dedicated security teams. This is why, he said, they launch bug bounty programs, inviting ethical hackers to scrutinize their systems. (Daily Excelsior)