White hat hackers earned $1.88 million at the Tianfu Cup hacking contest by finding vulnerabilities in popular software.
The Tianfu Cup is the most important hacking contest held in China; this year white hat hackers earned $1.88 million demonstrating vulnerabilities in popular software.
This year's edition took place on October 16 and 17 in the city of Chengdu; participants had three attempts of 5 minutes each to demonstrate their exploits.
TFC 2021 is coming! Oct. 16th-17th, see you again at CHENGDU, CHINA. This year, the total bonus is up to $1.5 Million, with new category and targets, waiting for you to PWN and WIN. https://t.co/XfAxZbttfq pic.twitter.com/zRSpQ6MkIk
The winner is the security firm Kunlun Lab, which earned $654,500. Below is the tweet of the expert @mj0011, CEO of Cyber-Kunlun & Kunlun Lab, former CTO of Qihoo 360 and founder of the team 360Vulcan.
New company but still ranked as #1 this year at TianfuCup. Almost all targets are fully pwned this time (except Synology). Last photo: the empty review room after the 0day party. pic.twitter.com/TRM37hAYuh
The security researcher Jose Rodriguez discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be fixed.
The security researcher Jose Rodriguez (@VBarraquito) discovered a new lock screen vulnerability for iOS 15 (& iOS 14.8) that has yet to be addressed by Apple. A threat actor with physical access to a vulnerable device can access Notes via Siri/VoiceOver.
Rodriguez explained that in real incidents, unattended or stolen devices affected by a lock screen bypass vulnerability are exposed to attacks that leverage the flaw to access sensitive information.
This type of vulnerability represents a serious threat to individuals and organizations; for this reason, the expert suggests including his research when conducting a mobile pen-testing assessment.
The expert disclosed details of the lock screen bypass vulnerability after Apple downplayed similar flaws, tracked as CVE-2021-1835 and CVE-2021-30699, that he had reported earlier this year.
The flaws allowed an attacker to access instant messaging apps like WhatsApp or Telegram even while the mobile device was locked.
Rodriguez explained that Apple only partially fixed the issue and did not involve him in testing the released patch.
The expert then devised a variant of the same bypass that leverages Apple's Siri and VoiceOver services to access the Notes app.
In hopes Apple realizes that it is being a tightwad rewarding security bug reports, and reconsiders the bounties. https://t.co/g6TEIWmVDJ