Researcher Violates Apple, Microsoft and Others with Installer


News Highlights: Researcher Violates Apple, Microsoft and Others with Installer

A security researcher hacked into the internal systems of large companies such as Apple, Microsoft, PayPal, and others with a supply chain attack he called “dependency confusion.”

The attack exploited a flaw inherent in many popular installers used by developers for packages and dependencies. By uploading malware to open source repositories, researcher Alex Birsan was able to trick these installers into downloading his malicious code, according to a write down he posted on Medium.

In Apple’s case, Birsan was able to compromise several machines on the company’s internal network after downloading malicious code in a Node package that he uploaded to npm, a package manager for JavaScript. In particular, Birsan was able to break through projects related to the Apple ID authentication system.

Apple told the researcher that the vulnerability could have been used to execute remote code on Apple servers. When asked if an attacker could have injected loopholes into Apple ID, Birsan said that “reaching a backdoor in an operational service requires a more complex sequence of events and is a very specific term with additional connotations.”

The Cupertino …

Read more from Source
Copyright @ appleinsider.com

  • Check the latest Gaming news updates and information about games.
  • Please share this news Researcher Violates Apple, Microsoft and Others with Installer with your friends and family to support us your one share helps us a lot.
  • Follow us on Facebook and Twitter if you need more updates like this.
Compsmag is supported by its audience. When you buy through links on our website, we may earn an affiliate commission fee. Learn more

Source…