He took advantage of a vulnerability in Apple software to defraud the company
A security researcher with a very good reputation for helping Apple identify vulnerabilities in its operating systems found a security flaw too tempting. So much so that instead of reporting the vulnerability to Apple, as he had always done, he tried to scam the company.
Apple has a security research program that pays financial rewards
The researcher in question, Noah Roskin-Frazee, works for ZeroClicks Laboratory and attempted to defraud Apple by obtaining gift cards and other products worth two and a half million dollars.
The researcher who tried to defraud Apple of two and a half million dollars
Noah Roskin-Frazee had helped Apple on several occasions by reporting a series of vulnerabilities in its software that the Cupertino company would later correct with updates and security patches.
Apple thanked Noah Roskin-Frazee for his collaboration on a security release for macOS Sonoma 14.2. What is curious about all this is that the thanks came two weeks after the researcher's arrest:
We would like to thank Noah Roskin-Frazee and Professor J. (ZeroClicks.ai Lab) for their help.
404 Media reports that the researcher used an escalation attack to gain access to the system, with the alleged help of his fellow researcher, Keith Latteri. They used a password reset tool to access the account of an employee of a company called Company B, which appears to be a third-party support service associated with Apple.
This account had access to other accounts of the same company, one of which allowed them to access VPN servers. Once in the system, they allegedly placed orders under false names and used an Apple tool to change prices to 0 dollars. They asked for gift cards and iPhone and MacBook products.
Surprisingly, one of the two security researchers, after accessing Apple servers and placing orders under false names, requested an extension of the AppleCare contract for himself and his family.