And that the vendor did not pay the promised reward Russian programmer under the nickname illusionofchaos spoke about how, in his opinion, the Apple Security Bounty vulnerability search program works. mobile/”class =” PfUsGslq “title =” Russian programmer spoke about Apple's devil-may-care attitude to protecting the iPhone from hackers “alt =” A Russian programmer spoke about Apple's disregard for protecting the iPhone from hackers “Russian programmer spoke about Apple's devil-may-care attitude to protecting the iPhone from hackers />
According to the source, illusionofchaos reported back to Apple's support service in April of this year about four vulnerabilities found in the protection of iPhones. The company promises a reward of $ 100 thousand for the found 0-Day vulnerabilities that have not yet been identified at the testing stage.
The programmer said that the vulnerabilities he found allow you to get:
1 . Unhindered access to personal information about the user: email data, Apple ID, full name of the owner of the gadget.
2 . Access to email, iMessage, SMS contacts and their attachments.
3 . Information about all applications installed on the iPhone.
4 . All information about Wi-Fi sessions.
All vulnerabilities, according to illusionofchaos, work through a private API.
As the source notes, Apple only responded with a letter of receipt of information and did not respond to hints of a reward. According to illusionofchaos, after that the company fixed one of the four vulnerabilities, so three of them remained in iOS 15.
Since Apple never paid, illusionofchaos posted information about the vulnerabilities in the open access.