[Zer0Con2026] TRAINING "macOS Vulnerability Research Training" by @theevilbit & @gergely_kalman 🗓️Date: 30th Mar ~ 1st April 2026 (3 DAYS) 📌Fairmont Ambassador Seoul, South Korea Sign up: zer0con.org/#training-sectio… #Zer0Con2026

🍎🐛🔬🛡️👩🏼‍💻👨🏻‍💻😍

🚨APPLE ADVERTISES $2 MILLION FOR FINDING SECURITY BUGS.. THEN CALLS YOUR DISCOVERY A "DUPLICATE".. PATCHES IT SILENTLY.. GIVES YOU NOTHING.. AND BANS YOUR APPLE ID IF YOU COMPLAIN.. Two researchers found a critical macOS vulnerability that let attackers steal passwords, encrypted chats, and Safari data through Archive Utility.. Submitted it October 2025.. Apple took 5 months.. Patched it with zero credit.. Zero CVE.. Zero bounty.. Their reason.. "You were not the first person to report this issue".. That's the duplicate loophole.. Apple claims an internal engineer found it first.. But researchers can't verify that.. Apple controls the tracking system.. No audit.. No appeals.. The researcher said it felt like "doing charity work for a $3 trillion company".. Another researcher found apps could access your entire photo library even after you turned off access in settings.. Apple's own page lists that at $50,000.. They reported it.. Apple went silent.. Patched it quietly.. Said it was a duplicate.. $0.. When the researcher blogged about it.. Apple permanently banned their 12-year-old Apple ID.. Apple's brand new Passwords app in iOS 18 was sending data over unencrypted HTTP.. A credential manager transmitting password reset links in plaintext.. Any attacker on the same WiFi could intercept them.. Researchers reported it.. Apple let it sit 3 months.. Patched it quietly.. Said it "didn't meet the impact criteria".. Then there's the FaceTime disaster.. A 14-year-old discovered you could eavesdrop on anyone's iPhone.. Start a FaceTime call.. Add your own number before they answer.. Their microphone turns on.. If they hit the volume button.. Their camera activates too.. His mother spent a week trying to tell Apple.. Emails.. Faxes.. Social media.. Support told her to pay $99 for a developer account to file a bug report.. Apple did nothing until the exploit went viral and millions started eavesdropping on each other.. Then they panicked.. Took FaceTime offline globally.. Congress sent formal letters to Tim Cook demanding answers.. Then there's the researcher who got so fed up being ignored that they hacked Apple's own internal daily security call.. They'd reported a zero-click iMessage vulnerability.. Apple stonewalled them.. So they found another flaw.. Used it to infiltrate the internal FaceTime call where Apple engineers discuss bugs.. And dropped a screenshot proving the exploit live.. The team securing 2.35 billion devices couldn't secure their own meeting.. Apple's response.. A threatening legal letter.. Not a bounty.. A legal threat.. This is why the exploit black market thrives.. A zero-click iPhone exploit sells for $1.5 to $2.5 million on the gray market.. Guaranteed payment.. No bureaucracy.. No "duplicate" risk.. Submitting to Apple means NDAs.. 6-12 months of waiting.. Risk of $0.. Risk of your Apple ID being banned if you speak up.. Those gray market exploits end up with mercenary spyware vendors like NSO Group.. Deployed against journalists and human rights lawyers worldwide.. Apple pushes researchers toward the black market.. Then spends billions defending against the exploits those researchers could have sold them for a fraction of the price.. 2.35 billion devices.. And the company would rather send lawyers than pay what they owe.

Uncovering an iOS 26.5 ImageIO Vulnerability zygosec.com/blog