The company celebrated it.. An Algerian hacker discovers two dangerous vulnerabilities in Apple's systems

The American company Apple (Apple) celebrated an Algerian youth who exposed one of the dangerous vulnerabilities in its security system, and included his name twice on its honor list, which it publishes on its website.

Apple said - via its technical support website - "Apple publishes this list in appreciation and thanks to those who have reported potential security problems in our web servers. The company publishes the discovered vulnerabilities every 3 months after the problem is identified and addressed" and followed it with the names of the people who reported the vulnerabilities who Among them was Abdel Qader Moez.

Describing the achievement, Moez wrote, "Praise be to God, by whose grace good deeds are accomplished, I achieved today one of the best achievements during my career, which I will be proud of because I was able to do it twice."

Bloggers and tweeters on social media platforms praised what Moez did and called on the Algerian authorities to pay more attention to his talent and nurture it in order to benefit from it in the future.

Abdel Qader had published a blog last month in which he said that he was able to prove that the loophole was real and had an impact, and Apple agreed to it and gave him a financial reward.

cross-site programming

The Algerian hacker identified the type of vulnerabilities he discovered, which are cross-site scripting, or as it is known for short as "xss".

This type of attack works on computer systems, and we find it especially in Internet applications through the so-called injection programming, in which some hackers resort to inserting some code for the pages viewed by others.

They try to tamper with some of the main principles in the system such as access control, or try to seize sensitive and important information.

According to the explanation published by Moez, the two vulnerabilities used the same technology, but the second and most dangerous vulnerability included the administrator's account and not the account of an ordinary user, which allowed him to access sensitive information about some users.

And Moez continued - on his Facebook page - that it seems that these loopholes were on Apple sites and not specific to phones or other devices belonging to the American company.

The Algerian hacker determined the type of vulnerabilities he discovered, which are of the type of cross-site programming (communication sites)

Apple announces breakthroughs in its products

This disclosure comes at a time when Apple recommended that owners of some versions of “iPhone” phones, “iPad” tablets and “Mac” computers update the driver software that contains a security flaw that allows controlling these devices.

This problem affected the sixth version of the iPhone and the following versions, all iPad Pro devices, the fifth generation of iPad and later generations, and all Mac computers, according to the website of the American company.

Apple revealed that the previous version of the driver included "an application that may allow the use of arbitrary code" that provides access to the device and allows a hacker to manipulate it.

And "Apple" indicated that "it is possible that this possibility has been exploited" by information hackers, without further details.

She added that this vulnerability could be exploited by "malicious Internet content".

To fix the bug, Apple urged users to download version “15.6.1” of the “iOS” driver for “iPhone” and “iPad OS” phones, as well as for “iPad” and “Mac OS Monterey”, version “12.5” .1 for Mac computers.