
Apple Accused Of Ignoring Three 0-Day Vulnerabilities And Skirting Bug Bounties

By Ben Funk
Hot Hardware
 8 days ago

Like many big tech companies including Microsoft and Google, Apple has a bug bounty program that pays big bucks for newly-discovered security vulnerabilities. The fees for confirmed reports of issues range from $25,000 for "limited" unauthorized control of an iCloud account, to a cool million bucks for a zero-click remote chain with full kernel access without requiring user interaction. Of course, companies build goodwill by following through on their promises of payment in these programs. When a researcher feels ignored, however, that can break trust in the program and leave vulnerabilities unpatched and exposed.

hothardware.com

Related
AFP

Decade after Jobs' death, has Apple traded magic for profit?

Ten years after Apple founder Steve Jobs' death, the firm has grown into a colossus of devices and services that is the world's most valuable company, but the tech legend's diehard fans lament its lost aura of revolution. "Apple doesn't innovate anymore" or "Steve Jobs is turning in his grave" are the type of disillusioned tweets that pop up especially during product launches led by Tim Cook, who took Apple's reins in August 2011. On the surface, Jobs -- who died October 5, 2011 after a battle with pancreatic cancer -- left the company DNA imbued with his demanding intensity. At every launch, Cook delivers the same hyperbolic turns of phrase that Jobs once did to unveil even incremental changes to the cameras or chips in its range of phones, tablets and other devices.
BUSINESS
Hot Hardware

Google’s Chrome Browser Is Under Active Attack, Patch Now

In mid-September, Google patched some actively exploited zero-day vulnerabilities discovered in Google Chrome. Now, the web search giant has done it again with several new security fixes in the 11th hour of September, and you should patch right now. Published on Thursday, the stable channel update for Google Chrome, denoted...
INTERNET
Wired

A Simple Bug Is Leaving AirTag Users Vulnerable to an Attack

The hits keep coming to Apple's bug-bounty program, which security researchers say is slow and inconsistent to respond to its vulnerability reports. This time, the vuln du jour is due to failure to sanitize a user-input field—specifically, the phone number field AirTag owners use to identify their lost devices. Security...
COMPUTERS
Macworld

Apple releases iOS 15.0.1 with fix for Apple Watch unlock bug

Every major new yearly iOS update comes with a few bugs, despite Apple running a big beta-test program that lasts months and incorporates millions of users. When you’ve got enough hardware in the world, you just can’t catch everything. Some of those bugs have been big enough that we recommend users wait to upgrade to iOS 15 until a few of them are fixed.
TECHNOLOGY
theedgemarkets.com

Apple fixes iPhone 13 bug that prevented unlock with Apple Watch

(Oct 2): Apple Inc., which began selling the iPhone 13 last week, fixed a bug Friday that prevented the device from being unlocked with an Apple Watch. The bug irked early adopters of the new phone, many of whom likely have Apple Watches and use the feature to bypass Face ID, which can’t be used with masks on. The fix came in the form of an iOS 15.0.1 software update.
CELL PHONES
Hot Hardware

Grifthorse Android Malware Claims 10 Million Victims Globally In Premium Subscription Scam

Practically everyone owns a mobile device these days, and the majority of them run on Android, the most popular smartphone OS in the world. Don't think that malicious hackers aren't paying attention. Just the opposite, a security firm says it recently discovered an "aggressive mobile premium services campaign" that has infected upwards of 10 million Android devices around the world.
CELL PHONES
AFP

Google pulls plug on plan for mobile banking in Pay app

Google has hit the brakes on a project to add mobile banking to its Pay app, even as the online financial services market for everyday investors heats up. Google said late last year that it was working with nearly a dozen credit unions and banks, including Citigroup, for inclusion in its Plex project for its Pay mobile app available on Android smartphones.
INTERNET
kaspersky.com

Three vulnerabilities in Google Chrome

Google has released an emergency update for the Chrome browser that addresses three vulnerabilities: CVE-2021-37974, CVE-2021-37975, and CVE-2021-37976. Google experts consider one of the vulnerabilities as critical and the other two as highly dangerous. What’s worse: according to Google, cybercriminals have already exploited two of these three vulnerabilities. Therefore, Google...
INTERNET
KRON4 News

Is the iPhone 12 Pro Max worth it?

BestReviews is reader-supported and may earn an affiliate commission. Details. Should you buy the iPhone 12 Pro Max? Buying a new phone can be daunting. You’ll be using it daily for at least a couple of years, so you want to make sure it ticks all your boxes before you buy. If you’re looking for a […]
CELL PHONES
BGR.com

Apple iPadOS 15: Everything you need to know

A few years ago, Apple signaled that it was ready to take the software experience on the iPad a little more seriously, by splitting iOS and the newly named iPadOS. The idea was that the iPad would become a little more productive, and a little better at using that extra screen real estate. And that continues to be true in the new iPadOS 15, which is now widely available. No, Apple didn’t bring macOS to the iPad after launching an M1 iPad Pro earlier this year. But honestly, not many actually expected the company to do so. Still, iPadOS is getting a...
TECHNOLOGY
BGR.com

Apple Watch Series 7: All there is to know about Apple’s latest watch

Apple’s latest and greatest smartwatch is here. The Apple Watch Series 7 was announced at the company’s California Streaming event, which is also where Apple launched the iPhone 13 series. The device offers a new, larger display, along with a series of new features that help make it arguably the best smartwatch ever released. Safe to say, even if you have an Apple Watch Series 6, you may want to upgrade to the Apple Watch Series 7, depending on what’s important to you. Interested in learning more? Here’s everything you need to know about Apple’s latest smartwatch. Apple Watch Series 7 design Apple usually...
ELECTRONICS
Ghacks Technology News

Another Chrome emergency update to patch 0-day vulnerabilities is now available

Google released another security update for the company's Google Chrome web browser that brings the version of the browser to 94.0.4606.71. Google Chrome 94.0.4606.71 is a security update that fixes two vulnerabilities that are actively exploited in the wild according to Google. The update is the third update that Google released this month to address 0-day security issues in Google Chrome that are exploited in the wild.
INTERNET
BGR.com

Apple iPhone 14: Rumors, news, release date, and more

The iPhone 13 was recently announced, but we’re already looking ahead to the iPhone 14. Why? There have been plenty of rumors about the upcoming device, what it will look like, and what features will be on offer. In other words, while the phone could certainly surprise us, we may have a good idea of what the device will end up looking like. If you bought an iPhone 12, you may not even care about what the iPhone 13 offers. Instead, if you upgrade your phone every few years, the iPhone 14 may be more important to you. We’ll be updating this...
CELL PHONES
Tyla

iPhone Users Warned To Remove Visa Cards From Wallets And Apple Pay

Experts are urging iPhone users to remove any Visa cards from their Wallet app or Apple Pay, as a glitch could lead to criminals making unlimited contactless payments. Researchers at the University of Birmingham and the University of Surrey have warned the new Express Transit mode could now be exploited by fraudsters to make payments from an iPhone inside someone’s bag.
CELL PHONES
Hot Hardware

Apple AirTags Are Being Weaponized Against Good Samaritans With This Security Exploit

A security researcher has discovered an Apple AirTags vulnerability that can effectively turn an affordable tracker into a cheap phishing lure. This is made possible through the tracker's "Lost Mode," where the intention is that if a user loses their AirTag, they can mark it as missing. Supposing an honest individual comes across the lost tracker, a custom link will send them to a website with the owner's phone number and whatever message they might want to leave.
ELECTRONICS
TechSpot

Apple AirTags are vulnerable to stored XSS injection attacks

PSA: Be warned: Apple AirTags are currently vulnerable to stored cross-site scripting (XSS) attacks. Among the various XSS exploits possible is a simple site redirect. If you find an AirTag and are asked to log in to iCloud to alert the owner, you have found a "weaponized" tag. Do not enter your credentials! No login is necessary to report you have found an AirTag.
ELECTRONICS
