Apple Might Soon Offer Special iPhones To Security Scientists


The white hat hackers said they have responsibly disclosed their research and methodology to Apple. The flaw puts over a billion iPhone and iPad users at risk.

SQLite is the most widely used database engine in the world. More importantly, the code remained on the device after reboot, as SQLite databases aren't signed, and thus passed Apple's Secure Boot process without interrogation.
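The point about unsigned SQLite databases suggests a defensive check. The following is an added example, not code from Check Point, Apple or the original article: an application keeps an HMAC tag over a database file and refuses to open the file if its bytes have changed. The key, file name and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Constructed demo key; a real app would keep this in hardware-backed key storage.
KEY = b"constructed-demo-key"


def sign_db(path, key=KEY):
    """Return an HMAC-SHA256 tag over the raw bytes of the database file."""
    with open(path, "rb") as f:
        return hmac.new(key, f.read(), hashlib.sha256).hexdigest()


def open_verified(path, expected_tag, key=KEY):
    """Open the database read-only, but only if its bytes still match the tag."""
    if not hmac.compare_digest(sign_db(path, key), expected_tag):
        raise ValueError("database file changed since it was signed")
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def demo():
    """Build a constructed database, sign it, modify it, and re-check."""
    path = os.path.join(tempfile.mkdtemp(), "contacts.db")
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE contacts (name TEXT, phone TEXT)")
    con.execute("INSERT INTO contacts VALUES ('Alice', '555-0100')")
    con.commit()
    con.close()
    tag = sign_db(path)

    clean = open_verified(path, tag)
    clean_rows = clean.execute("SELECT name FROM contacts").fetchall()
    clean.close()

    # Simulate an out-of-band modification of the file on disk.
    con = sqlite3.connect(path)
    con.execute("UPDATE contacts SET phone = '555-0199'")
    con.commit()
    con.close()
    try:
        open_verified(path, tag).close()
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return clean_rows, tamper_detected


if __name__ == "__main__":
    print(demo())
```

The check and the open are separate steps, so a file replaced between them would go unnoticed; the tag also has to be refreshed after every legitimate write.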

Speaking at the Def Con 2019 security conference in Las Vegas this week, researchers from Check Point demonstrated a rare vulnerability in iOS that could allow attackers to run malicious code on Apple devices.

According to Mashable, people capable of bypassing the iPhone's lock screen while having physical access to the device will be rewarded $100,000, and those who can execute kernel code through an installed app will be paid $150,000. Surprisingly, Apple has not responded to this vulnerability officially. More specifically, the exploit targets iOS's reliance on the SQLite database format, which is used pretty much everywhere from Windows 10 and macOS to Safari, Firefox and Android.

Interestingly, the exploit actually relies on a bug that was first discovered four years ago - and still hasn't been fixed.

This time, company officials are going even further, providing reputable security experts with modified iPhone kits in which some of the iOS security systems are already deactivated, to allow easier investigation of bugs that are hard to test under normal conditions of use. As AppleInsider explains: "the bug has been considered unimportant because it was believed it could only be triggered by an unknown application accessing the database, and in a closed system like iOS, there are no unknown apps". He said that Apple takes privacy and hacking very seriously. Check Point says it has made Apple aware of the exploit, which one hopes the iPhone-maker will fix soon. The tech giant has opened its bounty program to a wider group of researchers this time, rather than a selective invite-only group.

On a related note, earlier this year a researcher found an exploit that might permit bad actors to get passwords from system keychains and log in without needing admin privileges.
