Researcher discloses iPhone lock screen bypass on iOS 15 launch day #Eagleweb

Eagleweb

Kıdemli Üye
8 May 2021
2,120
1,151
localhost/e8
Hi Guys,


logo.png
On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user’s notes.
In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported to the company earlier this year.

“Apple values reports of issues like this with up to $25,000 but for reporting a more serious issue, I was awarded with $5,000,” the researcher wrote on Twitter last week.








Rodriguez said he was referring to lock screen bypasses tracked as CVE-2021-1835 and CVE-2021-30699, which Apple patched in April and May, respectively.

The two issues allowed threat actors to access instant messaging apps like Twitter, WhatsApp, or Telegram even while the phone was locked [video here].

“Apple mitigated this, [but] didn’t fix at all, and they never asked me if the issue was fixed,” Rodriguez told The Record today.

Because of the unprofessional way Apple handled his bug report, the researcher published today a variation of the same bypass, but this time one that uses the Apple Siri and VoiceOver services to access the Notes app from behind the screen lock.


KhJDZS.gif




KhJDZS.gif

Rodriguez has now added his name today to a long list of security researchers who have criticized Apple for how it handles its public bug bounty program. A Washington Post article

published two weeks ago contained similar accusations from other researchers about how the company’s security team was leaving bug reports unsolved for months, shipping incomplete fixes, low-balling monetary rewards, or banning researchers from their program when they complained.
 

'ReDLiNe

Blue Team Lideri
23 Haz 2015
7,606
3,432
23
Ankara
it's kind of weird, so it's a crippling situation for a brand like Apple to have such a security issue. We hope this issue is closed or it could damage Apple's reputation.

Also. Good job my friend. Thanks for this topic 👍
 
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.