
iOS 15: Disgruntled researcher exposes iPhone lockscreen bypass


A security researcher has published details of a new lockscreen bypass technique that can be used to access iPhone content without supplying a passcode or other form of authentication.

The technique abuses quirks in Apple’s Siri and VoiceOver services and could allow an attacker to retrieve information stored in the iPhone Notes app, in which users have been known to store account credentials and other sensitive information.

In a tweet published last week, researcher Jose Rodriguez explained the vulnerability is present in iOS 14.8 and the pre-launch iOS 15 release candidate. He has since also confirmed that the public iOS 15 build, which arrived yesterday, suffers from the same problem.

Apple bug bounty controversy

According to Rodriguez, the decision to disclose the iPhone bug on iOS 15 launch day was a very deliberate one, made in protest of the standard of the Apple bug bounty program.

This is the second time Rodriguez has discovered an iPhone vulnerability of this sort. In a previous instance, he reported the issue directly to Apple, but was unimpressed by the way in which the company handled his disclosure and the compensation he received.

“Apple values reports of issues like this up to $25,000,” he wrote, in reference to the latest vulnerability. “But for reporting a more serious issue I was awarded with $5,000.”

In a later tweet, he explained he had decided to disclose the new vulnerability publicly “in hopes Apple realizes it is being tightwad rewarding security bug reports, and reconsider the bounties (sic)”. 

This is not the first time in recent weeks the company’s bug bounty program has come under fire. Earlier this month, reports emerged of a massive backlog of unfixed bugs and general frustration among security professionals who have engaged with Apple.

TechRadar Pro has asked Apple for comment on the criticisms of its program, but the company is yet to respond.

Via TheRecord

Date: 21 Sep 2021
