On the day Apple released iOS 15, a Spanish security researcher discovered a way to bypass the iPhone's lock screen that attackers could use to access a user's notes. Jose Rodriguez said he published details of the hacking method after Apple downplayed similar problems he reported earlier this year.
The researcher tweeted last week that Apple typically charges $25 for reporting such problems, but the company paid him a total of $000 for reporting more serious flaws.
Rodriguez said he was referring to CVE-2021-1835 and CVE-2021-30699, which Apple patched in April and May, respectively. These two issues allow attackers to access messengers such as WhatsApp and Telegram even when the iPhone is on the lock screen.
Apple, according to Rodriguez, has somewhat improved the situation, but has not completely eliminated the problem. In addition, the company did not contact the security researcher to clarify whether they are closing the vulnerabilities. That's why he decided to publish a video that demonstrates a new ability to bypass the lock screen to access the Notes app using Siri and VoiceOver.
Rodriguez thus became another in a long list of security researchers who have criticized Apple for laxity with its bug bounty program.
iOS 15
As expected, Apple has started rolling out iOS 15, a new version of its mobile software platform that will soon be available to owners of all compatible smartphones from the company, starting with the iPhone 6S released in 2015. The update brings a number of interesting innovations, including the ability to use FaceTime for calls on Android and Windows devices, improved photo processing algorithms and much more.
One of the most notable innovations is FaceTime, Apple's own video chat application, which previously only allowed users of Apple devices to communicate. With the release of iOS 15, that changed, and FaceTime received support for calls on Android and Windows devices.
To use this option, you'll need to generate a FaceTime chat link that you can send to anyone using any available method. By clicking on such a link, the user will automatically join the conversation. You can join the chat only after agreeing with the administrator, so the appearance of random people is excluded when conducting virtual conversations.
Another change concerns the iMessage app. From now on, the links that users receive throughout the day will be automatically pushed to other apps for the user to explore. For example, when someone sends you a link to a news story in Apple News, it will move to the company's news service.
Similarly, links received in iMessage that refer to Apple Music, Apple Photos, and other branded services will be propagated.