E-Ink News Daily

Back to list

Hacking Apple - SQL Injection to Remote Code Execution

Researchers from ProjectDiscovery discovered a critical SQL injection vulnerability in Apple's Book Travel portal, which was exploitable to achieve Remote Code Execution (RCE). The flaw originated from unsafe handling of user inputs in the Masa/Mura CMS JSON API, bypassing standard sanitization measures.

Background

The vulnerability affects Apple's internal travel booking system powered by Lucee and Masa/Mura CMS, highlighting risks in enterprise content management systems. This disclosure underscores the importance of rigorous code auditing for third-party integrations in large tech organizations.

Source
Lobsters
Published
Jul 12, 2026 at 06:50 PM
Score
9.0 / 10