The expert attempted to contact Apple for clarification, but the remaining flaws were not addressed.īelow is the list of GitHub repositories that contain PoC source code for the zero-days discovered by the expert, which were also shared with Apple. “There were three releases since then and they broke their promise each time.” When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update.” wrote the expert. I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. “I want to share my frustrating experience participating in Apple Security Bounty program. The experts discovered the four zero-day issues between March 10 and May 4 and reported them to the IT giant.Īccording to the researcher, Apple addressed one of the issues in July without crediting him, while the remaining flaws are yet to be patched.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |