Apple Might Soon Offer Special iPhones To Security Scientists

Apple to pay $1 million to anyone who can hack iPhone

The white hat hackers said they have responsibly disclosed their research and methodology to Apple. The flaw puts over a billion iPhone and iPad users at risk.

SQLite is the most widely used database engine in the world. More importantly, the code remained on the device after reboot, as SQLite databases aren't signed, and thus passed Apple's Secure Boot process without interrogation.

Speaking at the Def Con 2019 security conference in Las Vegas this week, researchers from Check Point demonstrated a rare vulnerability in iOS that could allow attackers to run malicious code on Apple devices.

According to the Mashable reports, people capable of bypassing iPhone's lock screen while having physical access to the device will be rewarded $100,000 and those who can execute a kernel code through an installed app will be paid off $150,000 as a reward. Surprisingly, Apple has not responded to this vulnerability officially. More specifically, it targets its reliance on the SQLite database format that's used pretty much everywhere from Windows 10 and macOS to Safari, Firefox and Android.


Interestingly, the exploit actually relies on a bug that was first discovered four years ago - and still hasn't been fixed.

This time, company officials go even further, providing reputable security experts with modified iPhone kits, with some of the iOS security systems already deactivated, in order to allow easier investigation of hard bugs.to be tested under normal conditions of use. As AppleInsider explains: "the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps". He said that Apple takes privacy and hacking very seriously. Check Point says they have made Apple aware of the exploit, which one hopes the iPhone-maker will fix soon. The tech giant has opened its bounty program to a wider group of researchers this time, compared to a selective invite-only group of researchers.

On a related note, previously this year, a researcher found an exploit that might permit bad actors to get passwords from system keychains and login without needing admin privileges.

Related:

Comments

Latest news

LG G8X Renders Leak, Tip Dewdrop Notch, Dual Rear Cameras, Headphone Jack
Since the launch event is nearing, we might see more leaks and details to come forward giving us some glimpse on the hardware. Near the end of the clip, the two screens folded to show the outer contours of a smartphone and a date and time is displayed.

Citizenship chief: Migrant 'green cards' can be evaluated on welfare use
This is one of the country's most aggressive moves to restrict legal immigration . The rule is prospective, and will only apply to applications starting October 1.

Norwegian police say mosque shooting is a terror attempt
Prime Minister Erna Solberg expressed her sympathies with those who were at the mosque in Baerum and everyone else affected. A gunman opened fire on the Al-Noor Islamic Centre, on the outskirts of the capital Oslo yesterday.

Trump Visits Dayton and El Paso Amid Calls for Gun Control
Melendez, an Army veteran and the son of Mexican immigrants, said he holds only the shooter responsible for the attack. Trump's campaign still owes the city of El Paso more than $500,000 in police and public safety fees from that visit .

'At a loss for words': National Football League in shock over coach's tragic death
Darryl Drake is survived by his wife Sheila, his three children, and their grandchildren (down the line). Head coach Mike Tomlin called Drake a " close friend" in a statement.

Other news