Researcher Discloses iPhone Lock Screen Bypass on iOS 15 Launch Day (therecord.media)
On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user's notes. From a report: In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year. "Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000," the researcher wrote on Twitter last week. [...] Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock. Further reading: Apple Pays Hackers Six Figures To Find Bugs in Its Software. Then It Sits On their Findings.
Oooooopsie! (Score:1)
Try again (:
Hey Apple! Pay up! (Score:1)
Or all bets are off
Apple is just as stupid as the others (Score:3)
They hide it a bit better though.
Re: (Score:3)
I really have to question Apple's code practices if things like SMS messages and WiFi SSID names can trigger even trivial bugs, let alone ones that can own the device. Do they parse application strings in the kernel or something? And how is it that bugs in Safari are capable of owning the device as well? That's Microsoft level of fail, only Apple managed to figure out how to do it without ActiveX.
Re: (Score:2)
> I really have to question Apple's code practices if things like SMS messages and WiFi SSID names can trigger even trivial bugs, let alone ones that can own the device. Do they parse application strings in the kernel or something? And how is it that bugs in Safari are capable of owning the device as well? That's Microsoft level of fail, only Apple managed to figure out how to do it without ActiveX.
Android fell over the same things over the years (SMS and Wifi). As a matter of fact, SMS uses a subsystem that is not part of iOS or Android but a third party. Taking this over doesn't make you root on the phone, but it gives you access to the radio. That's enough to be "hacked". No need to get Kernel access.
As far as the browser is concerned, one of the ways to make browsers faster is to give it more privilege (JIT, other stuff) and both Android and iPhone use this technique. As a matter of fact, to make
Isn't it obvious by now? (Score:3)
Re: (Score:2)
They collect them and keep them functional so the three letter agencies get their bypasses without Apple actively providing explicit backdoors.
Yes, of course. And the end result of that ignorance is...wait, HOW many people in the agencies are now running around sporting a critical vulnerability on their communications hardware, that the black hats of the world now know about?
Rather shitty tactic to not think through if your theory has any validity.
Re: (Score:2)
The people *equipped* with handcuffs never end up *in* handcuffs. No arrest, no need to worry about a back door.
I was referring to the communications hardware that the people *equipped* with handcuffs rely on every day to do their jobs. Let's stop pretending no one in Government uses a (vulnerable) iPhone, and I'm not sure how you're going to slap the cuffs on the malware to prevent compromise.
And if there were no need for a back door for those with handcuffs, companies like Cellebrite wouldn't exist.
Security Researcher or Ransom Researcher? (Score:1)
Re: (Score:1)
Perhaps it isn't enough.
How much do you think it's worth? Others will disagree with any figure you propose.
There's no actual yardstick to measure the value of something like this. I don't know how one could even do it in an objective way.
Re:Security Researcher or Ransom Researcher? (Score:5, Insightful)
> There's no actual yardstick to measure the value of something like this.
Sure there is, next time don't tell Apple and sell it on the black market.
Re: (Score:2)
I can't speak for the guy's time and effort but since there is no contract or agreement in place what is he supposed to do? Apple paid what they felt it was worth and he disagrees.
Apple and Google set the price - but Apple lies (Score:3)
Apple sets the price, on the bug bounty menu. Apple says they pay $100K for an exploit that gives the attacker access to sensitive information. The reporter must agree not to disclose it publicly.
When they are given such an exploit, they instead pay $5,000 and publicly state that they fixed it, when they haven't. They do not respond when asked about the payment that's 95% less than it's supposed to be.
Versus Google, for example, who pays what they say they'll pay, and communicates about any issues.
That's t
not that impressed.... (Score:3)
Re: (Score:2)
Is it a bug or a feature? :-)
Annoying article (Score:2)
I have my Android set up to let me dictate texts or do navigation without unlocking my phone if it thinks it recognizes my voice. Is this related to that kind of thing?
Re: (Score:2)
This article doesn't give enough information for me to decide whether Apple is in the wrong.
I guess that depends on what you are looking for. The article and the tweet describe it clearly enough: "Apple values reports issues like this with up to $25,000, but for reporting a more serious issue I was awarded with $5000. I will send in private a [Proof of Concept] video to who asks for it when iOS 15 is public."
Apple says they'll pay out up to $25,000 as part of a bug bounty program. Across most companies the programs are set up so people have an incentive to tell the company first and help them q
I watched the video... all of it. (Score:2)
https://www.youtube.com/watch?... [youtube.com]
This doesn't exactly scream $100,000 bounty at me. I guess depending on how much you hate Apple your opinion may differ.