He took advantage of a vulnerability in Apple software to defraud the company
A security researcher with a very good reputation for helping Apple identify vulnerabilities in its operating systems found a security flaw that was too tempting… So much so that instead of reporting the vulnerability to Apple, as he had always done, he tried to scam the company.
Apple has a security research program that awards large financial rewards to those collaborators who find vulnerabilities in the software of its devices. But this security researcher decided to act on his own, and now he will face the consequences.
The researcher in question, Noah Roskin-Frazee, works for ZeroClicks Lab and attempted to defraud Apple through gift cards and other products worth two and a half million dollars.
The researcher who tried to defraud Apple of two and a half million dollars
Noah Roskin-Frazee had helped Apple on several occasions by reporting a series of vulnerabilities in its software that the Cupertino firm would later fix with updates and security patches.
Apple thanked Noah Roskin-Frazee for his collaboration in a security statement about macOS Sonoma 14.2. The curious thing about all this is that the thanks came two weeks after the researcher was arrested for fraud in his attempt to defraud Apple of $2.5 million. If it were a reproach, it must be admitted that it is quite elegant.
We would like to acknowledge Noah Roskin-Frazee and Professor J. (ZeroClicks.ai Lab) for their assistance.
404Media reports that the researcher used an escalation attack to gain access to the system, with the alleged help of his fellow researcher Keith Latteri. They used a password reset tool to access the account of an employee of a company called Company B, which appears to be a third-party support service associated with Apple.
That account had access to other accounts at the same company, one of which allowed them to reach the VPN servers. Once inside the system, they allegedly placed orders under false names and used an Apple tool to change prices to 0 dollars. They requested gift cards and iPhone and MacBook products.
Surprisingly, one of the two security researchers, after having gained access to Apple's servers and placing orders under false names, requested an extension of the AppleCare contract for himself and his family.