Sunday, 15 December, 2019

Apple offers $1 million bounty for spotting iPhone security flaws

Apple Contacts app leaves iPhones and iPads vulnerable to hacking
Cecil Davis | 13 August, 2019, 16:27

Since the Contacts app is a "trusted source" on iOS, once the researchers replaced a specific component of the Contacts app, the malicious code could be activated and carry out the hacker's commands with iOS being none the wiser. But SQLite databases do not need to be signed. This works because of a known four-year-old bug that Apple decided not to fix. The Cupertino company had its own reasons for not fixing the bug despite being aware of its existence.

The bounty, which was announced by the iPhone-maker at the annual Black Hat hacker convention in Las Vegas, is the company's biggest ever. All it takes is a different, sometimes unrelated bug to modify the Contacts app from afar. Thankfully, Check Point security researchers believe that the exploit has not yet been used in the wild. And iOS is a closed ecosystem with no room for unknown apps. Check Point's hack works on devices running iOS 8 through the beta versions of iOS 13. All they needed was some tape, a pair of spectacles, and an unconscious or sleeping iPhone user.

Apple's previous highest "bounty" was $200,000 for friendly reports of bugs that can then be fixed with software updates and "not leave them exposed to criminals or spies". One of the bugs allowed hackers to gain access to your iPhone or iPad by sending you a text message. He declined to inform Apple of the details of the vulnerability, though, to protest the fact that its bug bounty project only pays out for iOS errors and not for macOS flaws.


Apple Insider received the 4,000-word report by security researchers at Check Point, which highlights a vulnerability in the iPhone and iPad's Contacts app.

The bug was reported back in 2015 against both Mac OS X and iOS but has remained unfixed on the iOS side.

With people growing more concerned about their digital privacy and how secure their personal data is, Apple is putting its money where its mouth is when it comes to protecting its customers from hackers. But the new program is open to anyone in the world. Principal security researcher at Jamf - who's found more than a few issues within the macOS - has said that "if you're a large, well-resourced company such as Apple, who claims to place a premium on security, having a bug-bounty program is a no brainer".