On the day of the release of iOS 15, expert showed how to bypass the lock screen

bypass iOS lock screen
Written by Emma Davis

Apple released iOS 15 this week, and on the same day, security expert Jose Rodriguez demonstrated how to bypass the lock screen on an iPhone, which can be used to access a user’s notes.

The researcher admits that it was not by chance that he discovered the bug on this very day. In this way, Rodriguez took revenge on Apple for downplaying similar screen lock bypass problems he had reported earlier in 2021. We are talking about the vulnerabilities CVE-2021-1835 and CVE-2021-30699, which Apple fixed in April and May of this year.

Apple estimates reports of similar problems at $25,000, but I was rewarded $5,000 for reporting a more serious problem.the researcher writes on Twitter.

The aforementioned two vulnerabilities allowed attackers to gain access to the victim’s messengers and other applications, including Twitter, WhatsApp and Telegram, even if the device was locked. Rodriguez explains that Apple has mitigated these bugs but hasn’t fully fixed them, and hasn’t asked the researcher if the patches are working correctly.

As a result, Rodriguez published a new version of the lock screen bypass (working due to the fact that the two previous errors were not fully fixed). This time, he used Apple’s Siri and VoiceOver to access the Notes app. The attack can be seen below.

I will send in private a PoC video to who asks for it when iOS 15 is public.Jose Rodriguez also tweeted.

I must say that not only Rodriguez is unhappy with how Apple treats its bug bounty program and communicates with information security experts. Earlier this month, the Washington Post devoted a long article to the issue, in which many cybersecurity specialists talked about similar problems and argued that the company left their bug reports unattended for months, released ineffective patches, lowered rewards and prohibited researchers from participating in the bug bounty. if they started to complain.

Let me remind you that we also wrote that Apple Event 2021 became a ground for cryptocurrency fraud.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply