Recently, DropBox conducted a pen test to mark potential security issues with Mac OS. Syndis, a Cyber Security company was committed by DropBox to perform this pen test. The whole process was allegedly spat by Chris Evans, Safety Head of DropBox. During the test, the Ethical Hackers team revealed 3 Zero-Day vulnerabilities in Apple.
Pen Test Needed
DropBox, a cloud-based backup service provider, was the last to perform a pen test. In fact, this IT company is charged with the responsibility of protecting the data of its customers.
Evans allegedly stated
"We know that we are targeting opponents who can develop and use zero-day exploits against us, and we must protect ourselves accordingly.
With a large number of ongoing security threats, many people are raining IT companies with pen tests conducted by Red Teams to increase security and achieve higher standards. [1
As a result of this pen test, Syndis revealed three major zero-week weaknesses in the Mac OS platform, including CVE-2017-13890, CVE-2018-4176, CVE-2018-4175. The findings reportedly reported the possibility of cyber attacks, if the hacker knew about these three vulnerabilities and exploited them together.
In other words, if an attacker designs malicious code and induces a DropBox employee to visit it s breastfeeding from a Safari Browser, cyber attack could be successful.
DropBox dottoously informed this to Apple, which in turn resolved these issues in less than a month, while it is not uncommon for other IT Giants to take at least 90 days, which is the maximum timeframe given to an IT company to either freeing a patch, or declaring the deficiencies to the public as a whole.
I'm a Tech Geek, Travel Freak and a Crypto Buff. I like to write about Tech News, Blockchain, Crypto and Travel. I hope you enjoy reading my recipes, thanks.