A white-hat hacker has released details about three iOS vulnerabilities. He did not do so without reason: he was annoyed by Apple’s lax attitude when it comes to fixing bugs reported by researchers. And he is certainly not alone in that.
Illusionofchaos, as ethical hacker Denis Tokarev calls himself, waited three months for Apple to respond to his findings. He found several security holes in iOS and warned Apple about them. But Apple did not respond. After weeks of radio silence, the ethical hacker had had enough and posted information about the vulnerabilities on his blog. In principle, anyone with the right skills could exploit them to steal user data.

Reporting a vulnerability is usually simple. The hacker finds a weakness and passes it on to the company, which fixes it within a predetermined period of time. In return, the finder usually gets a reward or at least a pat on the back. But Illusionofchaos felt he had to wait too long for that. He is certainly not alone. In the past, many hackers have complained about Apple’s handling of bug bounties. That process is said to be difficult and slow.