[ad_1]
In 2019, Apple opened its Security Bounty program to the public, offering payouts of up to $ 1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used. to exploit them. The program is designed to help Apple keep its software platforms as secure as possible.
Since then, reports have surfaced that some security researchers are not happy with the program, and now a security researcher who uses the pseudonym “illusionofchaos” has shared his same “frustrating experience”.
In a featured blog post by Kosta Eleftheriou, the anonymous security researcher said he reported four zero-day vulnerabilities to Apple between March and May of this year, but they said three of the vulnerabilities are still present in iOS 15 and one was fixed in iOS 14.7 without Apple giving them credit.
I want to share my frustrating experience of participating in the Apple Security Bounty program. I reported four 0-day vulnerabilities this year between March 10 and May 4, so far three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it and not list it on the security content page. When I confronted them, they apologized, assured me it was due to a processing issue, and promised to list it on the security content page for the next update. There have been three releases since then and they’ve broken their promise every time.
The person said that last week she warned Apple that it would make its research public if it did not receive a response. However, they said Apple ignored the request, leading them to publicly disclose the vulnerabilities.
One of the zero-day vulnerabilities concerns Game Center and would allow any application installed from the App Store to access certain user data:
– Apple ID email and associated full name
– Apple ID authentication token that provides access to at least one of the endpoints on * .apple.com on behalf of the user
– Full read access to the filesystem to the Core Duet database (contains a contact list of Mail, SMS, iMessage, third-party messaging apps, and metadata about all user interactions with those contacts (including including timestamps and statistics), as well as some attachments (like URLs and texts)
– Full read access to the Speed Dial database file system and address book database, including contact photos and other metadata like creation and modification dates)
The other two zero-day vulnerabilities that are apparently still present in iOS 15, as well as the one fixed in iOS 14.7, are also detailed in the blog post.
Click to see the particular Game Center exploit. It’s hard. Things like this should hardly ever fall through the cracks with a working safety program. Instead, with Apple, it’s commonplace. It’s so deeply shattered, yet nothing changes. What will it take? – Marco Arment (@marcoarment) September 24, 2021
Apple has yet to comment on the blog post. We’ll update this story if the business responds.
[ad_2]
Source link