Links to credited vulnerabilities are at the bottom of this page.
Becoming a bug bounty hunter
Move over Boba Fett! I am a (bug) bounty hunter too!
Since 2023, I have been dipping my feet into the world of security research and bug bounty programs with a focus on Apple devices. Since the middle of 2023, I have been credited with finding 5 different security vulnerabilities on Apple platforms (iOS, iPadOS, watchOS, and visionOS) with more issues currently in review. The vulnerabilities discovered by me are listed on Apple’s Security Releases page and a few of them have yielded me an Apple Security Bounty Award!
Accepted into the Apple Security Research Device Program
As a result of finding multiple vulnerabilities, I was accepted into Apple Security Research Device Program. As a member of this program, I was given access to a special version of the iPhone 16 that has certain security features disabled on the hardware level, allowing me to poke around further into the operating system than what’s possible on consumer units. Vulnerabilities I find with this device will also be considered for potential bounty awards.
I plan to continue to educate myself in my free time about computer security and penetration testing techniques so I can attempt to search for more complex security vulnerabilities for responsible disclosure of discovered bugs.
Credited Vulnerabilities
The issues I have been credited for as of January 2025 are as follows:
iOS 17 & iPadOS 17:
https://support.apple.com/en-us/120949
Listed under Additional Recognition: Home
iOS 18 & iPadOS 18 + iOS 17.7 & iPadOS 17.7:
https://support.apple.com/en-us/121250
https://support.apple.com/en-us/121246
Accessibility
CVE-2024-44171
Impact: An attacker with physical access to a locked device may be able to Control Nearby Devices via accessibility features
Description: This issue was addressed through improved state management.
iOS 18.1 & iPadOS 18.1 + iOS 17.7.1 & iPadOS 17.7.1:
https://support.apple.com/en-us/121563
https://support.apple.com/en-us/121567
Accessibility
CVE-2024-44274 (also credited with Rizki Maulana, and Matthew Butler)
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: The issue was addressed with improved authentication.
iOS 18.2 & iPadOS 18.2:
https://support.apple.com/en-us/121837
Listed under Additional Recognition: Photos Storage
Listed under Additional Recognition: Accessibility
visionOS 2.3:
https://support.apple.com/en-us/122073
Listed under Additional Recognition: Guest User