A security researcher revealed a screen bypass bug for iOS 15 on the day of the official launch of the stable version of the OS, citing Apple’s allegedly poor reaction when dealing with bug reports.
Apple offers a lot of money to hackers and security researchers when they find vulnerabilities or other issues with iOS and macOS. Or at least that’s the company’s official stance. A recent Washington Post report underscored the poor communication between security researchers and Apple, leading to unpatched devices and delayed payments.
Now, security researcher Jose Rodriguez has released details on a bypass lock screen bug, along with a proof of concept video, on the day the official iOS 15 launched, citing the same problems. Rodrigues announced his decision just a few days ago on Twitter.
“I will giveaway a very minor Lock Screen Bypass working in iOS 14.8 / 15RC. Apple values reports of issues like this with UP TO $25,000 but for reporting a more serious issue I was awarded with $5,000. I will send in private a PoC video to who asks for it when iOS 15 is public,” said the researcher.
Rodriguez spoke with The Record about a couple of vulnerabilities he reported to Apple, CVE-2021-1835 and CVE-2021-30699, both lock screen bypasses that allowed users to open other apps on the device such as Twitter or WhatsApp. Rodriguez saysthe company, however, just mitigated the vulnerabilities and didn’t actually fix them. Moreover, he says they downplayed the seriousness of the bugs.
As a result, the security researcher figured out a new way to bypass the lock screen, using a variation on the vulnerabilities he previously reported.