On the day iOS 15 was released, an expert showed how to bypass the lock screen

Written by Emma Davis

Apple released iOS 15 this week, and on the same day, security expert Jose Rodriguez demonstrated how to bypass the lock screen on an iPhone, which can be used to access a user’s notes.

The researcher admits that it was not by chance that he discovered the bug on this very day. In this way, Rodriguez took revenge on Apple for downplaying similar screen lock bypass problems he had reported earlier in 2021. We are talking about the vulnerabilities CVE-2021-1835 and CVE-2021-30699, which Apple fixed in April and May of this year.

“Apple estimates reports of similar problems at $25,000, but I was rewarded $5,000 for reporting a more serious problem,” the researcher writes on Twitter.

The two aforementioned vulnerabilities allowed attackers to gain access to the victim’s messaging apps and other applications, including Twitter, WhatsApp and Telegram, even if the device was locked. Rodriguez explains that Apple has mitigated these bugs but hasn’t fully fixed them, and hasn’t asked the researcher if the patches are working correctly.

As a result, Rodriguez published a new version of the lock screen bypass, which works because the two previous bugs were not fully fixed. This time, he used Apple’s Siri and VoiceOver to access the Notes app. The attack can be seen below.

“I will send in private a PoC video to who asks for it when iOS 15 is public,” Jose Rodriguez also tweeted.

I must say that Rodriguez is not the only one unhappy with how Apple runs its bug bounty program and communicates with information security experts. Earlier this month, the Washington Post devoted a long article to the issue, in which many cybersecurity specialists described similar problems and argued that the company left their bug reports unattended for months, released ineffective patches, lowered rewards, and prohibited researchers from participating in the bug bounty if they started to complain.

Let me remind you that we also wrote that Apple Event 2021 became a ground for cryptocurrency fraud.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
