Apple patched the iOS lock screen bypass without acknowledging its discovery

With the release of iOS 15.0.1, Apple fixed a recently discovered lock screen bypass, but did not publicly identify the flaw or the person who discovered it.

In September, researcher Jose Rodriguez detailed an iOS vulnerability that allows attackers to bypass a secured iPhone's lock screen and access notes through a combination of VoiceOver and common sharing tools.

On September 20, Rodriguez posted a proof of concept on his YouTube channel that illustrates methods by which user notes can be copied and sent to another device. The researcher did not disclose the vulnerability to Apple before going public, saying at the time that he was “betraying” the exploit in hopes of shedding light on issues with the tech giant’s Bug Bounty program.

As Rodriguez noted in a Twitter post on Friday, Apple’s iOS 15.0.1 release includes a fix for the lock screen bypass. The accompanying release notes show that Apple did not assign a CVE identifier or credit the researcher for finding the flaw. The company made a similar move last month when it quietly fixed a bug in macOS Finder.

In a report last week, researchers criticized Apple’s Bug Bounty program over a general lack of communication and payment issues for discovered vulnerabilities. These opinions were recently reiterated by security researchers Denis Tokarev, Bobby Rauch and Rodriguez, who all discovered bugs and reported them to Apple.

In an interview last month, technology engineering chief Ivan Krstic called the program a “runaway success”, adding that Apple was collecting feedback as it continued to “increase and improve” the initiative. Apple is working hard to fix the bugs and “learn from them to quickly improve the program,” he said at the time.

Recent reports indicate that Apple has hired a new team leader to reform the Bug Bounty program.

Naveen Kumar
