On the day Apple released iOS 15, a Spanish security researcher uncovered a way to bypass the iPhone’s lock screen that attackers could use to access a user’s notes. Jose Rodriguez said he published details of the method after Apple downplayed similar issues he reported earlier this year.
Last week, the researcher tweeted that Apple usually values reports of such problems at $25,000, but the company paid him only $5,000 for reporting more serious flaws. Rodriguez said he was referring to the vulnerabilities CVE-2021-1835 and CVE-2021-30699, which Apple patched in April and May, respectively. These two problems allowed attackers to gain access to instant messengers such as WhatsApp and Telegram even when the iPhone was locked.
Apple, according to Rodriguez, has improved the situation somewhat, but has not completely fixed the problems. In addition, the company did not contact the researcher to clarify whether the vulnerabilities were closed. That is why he decided to post a video demonstrating a new way to bypass the screen lock and access the Notes application using Siri and VoiceOver. Rodriguez thus became another in a long list of security researchers who have criticized Apple for its negligence in rewarding users for identifying bugs in software.