Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are...

Click to view the original at habr.com

Hasnain says:

Yikes. Given all the similar experiences popping up recently, this is not a good look.

“I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.”

Posted on 2021-09-24T03:39:07+0000