Three iOS 0-days revealed by researcher frustrated with Apple’s bug bounty

by Jim Salter, from Ars Technica - All content (#5PYXJ)
Pseudonymous researcher illusionofchaos joins a growing legion of security researchers frustrated with Apple's slow response and inconsistent policy adherence when it comes to security flaws. (credit: Aurich Lawson | Getty Images)

Yesterday, a security researcher who goes by illusionofchaos dropped public notice of three zero-day vulnerabilities in Apple's iOS mobile operating system. The vulnerability disclosures are mixed in with the researcher's frustration with Apple's Security Bounty program, which illusionofchaos says chose to cover up an earlier-reported bug without giving them credit.

This researcher is by no means the first to publicly express their frustration with Apple over its security bounty program.

Nice bug - now shhh

illusionofchaos says that they've reported four iOS security vulnerabilities this year: the three zero-days they publicly disclosed yesterday plus an earlier bug that they say Apple fixed in iOS 14.7. It appears that their frustration largely comes from how Apple handled that first, now-fixed bug in analyticsd.

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/