Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait - The Register
Sep 24, 2021 1 min, 51 secs
Upset with Apple's handling of its Security Bounty program, a bug researcher has released proof-of-concept exploit code for three zero-day vulnerabilities in Apple's newly released iOS 15 mobile operating system.

The bug hunter, posting on Thursday to Russia-based IT blog Habr under the name "IllusionOfChaos" and to Twitter under the same moniker, expressed frustration with Apple's handling of vulnerability reports.

"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page," the researcher wrote.

The researcher added that the vulnerability dump conforms with responsible disclosure practices, noting that Apple was informed and has done nothing.

Kosta Eleftheriou, the developer behind the Apple Watch keyboard app FlickType (who earlier this year sued Apple for App Store market abuse), said via Twitter that he tested the Gamed 0-day on iOS 14.8 and iOS 15 and confirmed that it works as advertised.

"The bugs are neat, but unlikely to be widely exploited," security researcher Patrick Wardle, founder of free security project Objective-See and director of research at security biz Synack, told The Register.

"Any app that attempted to (ab)use them would need to first be approved by Apple, via the iOS App Store."

"And that security researchers are so frustrated by the Apple Bug Bounty program they are literally giving up on it, turning down (potential) money, to post free bugs online."

Wardle said he considered the researcher's critique of Apple's Security Bounty program to be fair.

While some developers have found Apple's Security Bounty program rewarding, others share the frustration expressed by "IllusionOfChaos." In July, 2020, Jeff Johnson, who runs app biz Lapcat Software, went public with a privacy bypass vulnerability because Apple failed to fix the bug he had reported.

At the time, he told The Register, "Talking to Apple Product Security is like talking to a brick wall."

The Register asked Apple to comment, but the brick wall did not respond.
