No evidence mail app flaw was exploited - Apple

Bradley Prior

MyBroadband Journalist

Apple Inc. said it found no evidence of cyber-attackers exploiting newly discovered vulnerabilities in the Mail app for iPhone and iPad, software used by hundreds of millions of people worldwide.

The U.S. company is countering assertions by cybersecurity company ZecOps Inc. that software flaws may have allowed hackers to infiltrate iPhones and other iOS devices for more than a year. [Bloomberg]
 

Johnatan56

Totally believe Apple, the company that tries to sue people disclosing vulnerabilities to them...
 

whatwhat

Legally they cannot admit to this or they will get sued into oblivion.
 

SauRoNZA

> Totally believe Apple, the company that tries to sue people disclosing vulnerabilities to them...

Link?

Last I checked they had an open reporting system for this kind of thing and even a bounty program I seem to recall.
 

SauRoNZA

> Legally they cannot admit to this or they will get sued into oblivion.

They have technically admitted it exists, as do many others at any one time, just that there’s no evidence of it being successfully used.

See they also stated it’s iPhone and iPad only whereas our SecOps team claimed it’s on Mac as well.
 

Johnatan56

> Link?
>
> Last I checked they had an open reporting system for this kind of thing and even a bounty program I seem to recall.

I'm wrong, I misremembered the article; they sued Corellium, which allows access to a virtualised iPhone for pen testing.
Their bug bounty program also used to pay little compared to e.g. Google, and it also used to be invite-only up until December of last year, so even if you did discover a bug, no payout as you can't have legally been testing it.
 

SauRoNZA

Would be nice if you updated your first post to correct it then.

I was under the impression you needed to be registered for the bounty program (which makes sense) not that it’s invite only.
 