Apple works closely with cybersecurity researchers to keep its millions of devices around the world safe. Finally, a critical security vulnerability discovered in Apple infrastructure and threatening all operating systems was brought to light by 25-year-old Turkish software developer Ali Yabuz.

Officially confirmed by Apple and CVE-2024-0258This vulnerability was recorded in the literature with its code; It directly affects all the company’s main platforms, such as iPhone, iPad, Mac, Apple TV and Apple Watch. This valuable discovery of the young backend developer made a big impact in the cyber security world and was officially credited by Apple.

• Critical Discovery:Turkish software developer Ali Yabuz has identified a major vulnerability in the libxpc/XPC component that affects Apple’s entire ecosystem and can lead to bypassing sandbox endings.

• Official Confirmation from Apple:Apple accepted this vulnerability, recorded in the cyber security world with the code CVE-2024-0258, and officially added the young researcher to its thank you list.

• Comprehensive Update:The cyber security vulnerability in question; It was closed worldwide with critical updates such as iOS 17.4, macOS Sonoma 14.4 and watchOS 10.4.

The Component at the Center of the Danger: What are libxpc and XPC?

Keeping security at the highest level in the Apple ecosystem is based on the “sandbox” architecture, where applications cannot interfere with each other’s space. The gap that caught Ali Yabuz’s radar is exactly at the heart of this architecture, building the bridge between applications and system services. libxpc/XPCis included in the component.

This structure of the system, which under normal circumstances should operate in the safest and most isolated manner, had the risk of turning into a gateway for cyber hackers due to the detected vulnerability. It was understood that malicious individuals or malicious software could use this vulnerability to grant themselves high privileges and infiltrate the deepest system layers of devices. This situation brought with it very serious risks, from the privacy of user information to the complete seizure of devices.

The Adventure That Started at the Age of 13 Moved to Apple Lists

25-year-old Ali Yabuz, a graduate of Yeditepe University Public Relations and Promotion Department, is actually a software developer from scratch. Yabuz, who stepped into the world of coding at the age of 13; Throughout his career, he focused on reverse engineering, low-level programming, operating system components and backend systems. The young software developer, who has been working as a remote Backend Developer at the Azerbaijan-based OctoTech technology agency for the last 4 years, decided to follow his curiosity and technical expertise and examine the Apple infrastructure.

Yabuz, who caught this weak point in the basis of the operating system as a result of his in-depth cyber security research, reported the situation to the Apple Product Security group without wasting time. Following the investigations made by Apple engineers, the existence of the vulnerability was accepted and Ali Yabuz was credited as an official security researcher by one of the most reputable technology companies in the world.

Update Protecting Millions of Devices Released

After the cybersecurity vulnerability was confirmed, Apple took swift action and launched a global update wave. If you update your devices regularly, you may have already installed the security patches prepared with the contribution of this Turkish software developer on your phone or computer. The vulnerability coded CVE-2024-0258 was completely closed with the following operating system versions, making the systems safe:

• iPhone and iPad:iOS 17.4 and iPadOS 17.4

• Mac Computers:macOS Sonoma 14.4

• Apple Watch:watchOS 10.4

• AppleTV:tvOS 17.4

An Inspiring Example for Young Developers

It is of great importance for the domestic technology ecosystem that an independent cyber security researcher from Turkey provides such a critical report to one of the world’s largest technology giants. This success of Ali Yabuz proves how a difference can be made on a global scale with the right focus and technical equipment. Such success stories, especially for young software developers who want to step into the world of cyber security, once again show that the doors of global technology companies are not impossible.