Why is Apple not working with security researchers who are finding highly critical bugs like these?
They should put someone competent in charge to run a proper security bounty program.
It is just so bizarre that this is completely mismanaged. https://t.co/0kwChrEDam
— Stefan Arentz 🍁 🦊 🇳🇱 (@satefan) September 24, 2021
Apple will never change their ways until they're publicly shamed. Sad to see it has come to this.
— Kosta Eleftheriou (@keleftheriou) September 24, 2021
Click through to see the Game Center exploit in particular. It’s rough.
Things like this should almost never slip through the cracks with a functioning security program.
Instead, with Apple, it’s commonplace.
That’s so deeply broken, yet nothing changes.
What will it take?
— Marco Arment (@marcoarment) September 24, 2021
"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page" 😮
— 10 GOTO 10 (@mahemoff) September 24, 2021
Rumors are saying that Apple can’t afford to pay the maximum payouts on bug bounties and that’s why they never did. I’m starting a fund raising to help Apple, reach out if you want to donate and assist Apple through that difficult period.
— Matt “Swish” Suiche (@msuiche) September 24, 2021
NEW: A researcher has published the source code for exploits that take advantage of three unpatched iPhone bugs.
Another researcher said he was able to reproduce exploits in 30 mins. But bugs are not *that* dangerous for users. https://t.co/exxHhzWufa
— Lorenzo Franceschi-Bicchierai (@lorenzofb) September 24, 2021
🚨 Apple ignored this person. Now they’re publishing multiple proofs-of-concepts:
“I've reported four 0-day vulnerabilities this year [...], three of them are still present in [iOS 15.0] and one was fixed in 14.7, but Apple decided to cover it up” 🤯 https://t.co/eKzq6BEupG
— Kosta Eleftheriou (@keleftheriou) September 24, 2021
When Apple doesn’t bother to fix serious issues long after they’ve been *reported* to them, how can we trust them to be the good stewards of an ecosystem used by a billion people?
Rampant scams on the App Store are another example of Apple’s failings: https://t.co/TIkmJzEVD7
— Kosta Eleftheriou (@keleftheriou) September 24, 2021
It looks like Apple has a bug bounty problem. This researcher claims they've reported 4 zero days, 3 of which are still exploitable in iOS 15. This after a Spanish researcher dumped a lockscreen bypass because he says Apple ignored him. https://t.co/6cRn2IUQ1z https://t.co/Pgqr85GCwV
— Nicole Perlroth (@nicoleperlroth) September 24, 2021
🚨 Can confirm the exploit also works on iOS 15.0 - it's able to silently pull a *trove* of personal information without _any_ kind of user prompt.
— Kosta Eleftheriou (@keleftheriou) September 24, 2021
Every OS has security issues. What's important to understand here is how the approaches differ.
Other OSes let you move your computing to a safer layer (the web) and deliver choice + competition about those protections. Only iOS keeps mobile down in the (security) dirt. https://t.co/mLcuKmGlAc
— Alex Russell (@slightlylate) September 24, 2021