Four-year-old bug leaves iPhones vulnerable to Contacts hack

But now it's extending the bug bounty program to all of its platforms, and researchers who discover security flaws outside iOS will be eligible to receive payouts as high as $200,000, the same reward initially offered as the maximum payout for its iOS program back in 2016. Check Point's hack works on devices running iOS 8 through the beta versions of iOS 13. Security researchers at Chinese internet giant Tencent demonstrated at the annual Black Hat hacker convention in Las Vegas how they managed to trick Apple's Face ID technology in less than 120 seconds. On the iPhone, the SQLite database vulnerability can be reached through a known bug in iOS's Contacts app that has existed for four years now without a fix. He continues to explain how "such a program highly encourages talented external security researchers to audit Apple's hardware and software products, which will result in many vulnerabilities being uncovered and reported to Apple".

SQLite databases are an industry-standard format that is used by virtually every operating system and browser in the world, including Windows 10, macOS, iOS, Chrome, Safari, Firefox, and Android.

"Wait, what? How come a four-year-old bug has never been fixed?" write Check Point's researchers in their report.

But Check Point has proved that isn't the case, replacing a component in the Contacts app directly. And iOS is a closed ecosystem with no room for unknown apps. One of the bugs allowed hackers to gain access to your iPhone or iPad by sending you a text message.

But with a little additional effort, the researchers were able to make a trusted app send code to trigger the bug. Surprisingly, Apple has not responded to this vulnerability officially. Apple's new bug bounty program aims to make it harder for companies like NSO Group to hack into your iPhone.

Apple started its bounty program three years ago and only focused on its mobile platform, until now.

The so-called "bug bounty" is the highest one offered by any major tech company - far surpassing the £124k offered by Google for finding security holes in Google code.