Open Source and information security mailing list archives
Date: Wed, 20 Feb 2013 02:58:12 +0100
From: Vulnerability Lab <research@...nerability-lab.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Apple iOS v6.1 (10B143) - Code Lock Bypass
	Vulnerability #2

Hey Kirils Solovjovs,
the second issue is different from the one reported some days ago to
heise online.
The heise online issue (reported by another person), for example, allows
with a pressed button (only) to handle some of the functions like calls,
voicemail, contacts, like you see in the video.

The second issue allows you to bypass the code lock by using the
screenshot function, which results in a black screen with the blue
standard template status bar. Attackers do not need to hold any button
or call the emergency itself to bypass the login.

So why should I report an issue of another researcher? The combo to use
it and the reproduction are totally different. I do not know him and
decided to drop my bug also after waiting 4 months. His issue was
reported 1 year ago and I like + respect it. That's all. ;) After
Jerookie flamed around we also dropped a message on twitter to make sure
both issues are different. It is the same bullshit he did when we
released the skype bug and msrc confirmed we have a separate one. That's
all ~bye

-- 
VULNERABILITY RESEARCH LABORATORY
LABORATORY RESEARCH TEAM
CONTACT: research@...nerability-lab.com

