In 2019, Apple launched a bug-fixing program that rewards researchers who share dangerous operating system vulnerabilities with the company up to $ 1 million. The app was launched to keep Cupertino products safe, but now a security researcher says the company has ignored three zero-day vulnerabilities in iOS 15.
Ever since Apple launched such a program, some security researchers have expressed dissatisfaction with it, and now another researcher has shared such an experience. The person whose name is not known, said from March to May this year, four zero-day vulnerability in Apple reported, but three of them in iOS 15 there .
The security researcher also said that one of these vulnerabilities was fixed in iOS 14.7 without Apple giving him credit:
"I want to share my tedious experience of participating in the Apple Security Bounty program. Between March 10 and May 4 of this year, I reported four zero-day vulnerabilities to Apple, three of which are still in the latest version of iOS 15.0, and one in iOS 14.7. Resolved. However, Apple did not consider it and did not add security content to the page. "When I informed them about this, they apologized to me and said that such a thing would be added to this page in a future update, but since then three copies have been released and Apple has not kept its promise."
One of these zero-day vulnerabilities is related to Game Center, which apparently allows apps to access some user data such as Apple ID email and system files. Apple has not yet commented on the report.
0 Comments:
Post a Comment
Your comment and facebook share will be appreciated