WRITE UP – APPLE N/A: PII information, full contact list, main phone no. and main iCloud email extracted; Bug patched: Arbitrary local file read via zip file and symlinks on iOS Files app.

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to get an Arbitrary local file read on iOS Files app via zip file and symlinks Disclaimer: Unfortunately, after 13 months of […]

WRITE UP – GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app – $1,337 USD

Introduction: Hi everyone It’s been a while since my last post but I’m back, I want to tell you a very short story about one of my last bugs, and how I managed to exfiltrate /etc/environment local variables on Google Earth Pro Desktop app on linux. Extracted from Google VRP’s report: (the actual Google VRP […]