Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait - The Register
Sep 24, 2021
Upset with Apple's handling of its Security Bounty program, a bug researcher has released proof-of-concept exploit code for three zero-day vulnerabilities in Apple's newly released iOS 15 mobile operating system.

The bug hunter, posting on Thursday to Russia-based IT blog Habr under the name "IllusionOfChaos" and to Twitter under the same moniker, expressed frustration with Apple's handling of vulnerability reports.

"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page," the researcher wrote.

The researcher added that the vulnerability dump conforms with responsible disclosure practices, noting that Apple was informed and has done nothing.

Kosta Eleftheriou, the developer behind the Apple Watch keyboard app FlickType (who earlier this year sued Apple for App Store market abuse), said via Twitter that he tested the Gamed 0-day on iOS 14.8 and iOS 15 and confirmed that it works as advertised.

"The bugs are neat, but unlikely to be widely exploited," security researcher Patrick Wardle, founder of free security project Objective-See and director of research at security biz Synack, told The Register.

"Any app that attempted to (ab)use them would need to first be approved by Apple, via the iOS App Store."

"And that security researchers are so frustrated by the Apple Bug Bounty program they are literally giving up on it, turning down (potential) money, to post free bugs online."

Wardle said he considered the researcher's critique of Apple's Security Bounty program to be fair.

While some developers have found Apple's Security Bounty program rewarding, others share the frustration expressed by "IllusionOfChaos." In July, 2020, Jeff Johnson, who runs app biz Lapcat Software, went public with a privacy bypass vulnerability because Apple failed to fix the bug he had reported.

At the time, he told The Register, "Talking to Apple Product Security is like talking to a brick wall."

The Register asked Apple to comment, but the brick wall did not respond.
