How a respected security researcher stole millions from Apple

A security researcher was thanked by Apple in OS patch notes just days after being indicted in a scheme that allowed him to steal millions of dollars worth of Apple products, gift cards, and services.

Noah Roskin-Frazee, a security researcher affiliated with ZeroClicks Lab, has been praised by Apple for identifying software vulnerabilities. However, he has recently come under scrutiny for exploiting a vulnerability that enabled him to steal a whopping $2.5 million worth of iPhones, Macs, and gift cards.

According to 404Media, Roskin-Frazee found a vulnerability in Toolbox, a backend system that Apple uses to place orders on hold. While on hold, orders can still be edited.

He, along with alleged co-conspirator Keith Latteri, used a password reset tool to gain access to an employee account at a third-party company that helped Apple with customer support. Once they had the employee credentials, they accessed Apple’s systems and placed fraudulent orders for Apple products.
