Just a few days ago, Apple expanded its bug bounty program to macOS, offering rewards to those who find flaws in its desktop operating system. Although the program has been in place for several years on iOS, Apple does not seem willing to lend its intellectual property to facilitate it.
That is why it is suing Corellium, an in-browser iOS virtualization service that is not limited to imitating the characteristics of Apple's mobile operating system, but runs its own code. The Cupertino company is also asking for unspecified compensation for "damages and lost benefits".
Corellium: the iOS time machine, in the browser
The company, created two years ago, has for some time been receiving good reviews from the iOS jailbreak scene. People who have worked with well-known teams such as iEmu, Evasi0n or Cydia itself are behind this service.
With it, security researchers or government agencies themselves have an easier way to modify the fundamental code behind a variety of iPhone models on different versions of iOS, which is not easy on physical devices. This makes it possible to find vulnerabilities that open the door to so-called zero-day attacks, which take advantage of flaws in their early stages, before they have been fixed.
All this without the need to end the life of numerous expensive devices in the process. If you 'break' a virtual iPhone, recovering is as easy as setting up a new one, a process that takes no more than ten minutes. It is also possible to pause and even rewind execution, which makes it possible to see in detail what works and what does not in the iOS code itself, as Forbes explained a year and a half ago.
After having an official alternative, Apple tries to turn off the Touchez
This is why perhaps the most surprising thing about Apple's lawsuit against Corellium is that it took so long. In TechCrunch we read the official justification behind this lawsuit, which is the best advertising that Corellium could get:
"The product that Corellium offers is a 'virtual' version of the mobile hardware products of Apple, accessible to anyone with a web browser. Specifically, Corellium offers what it offers as a perfect digital facsimile of a wide range of market-leading devices from Apple, creating with meticulous attention to detail not only the way in which the operating system and applications visually appear to buyers in good faith, but also the underlying computer code. Corellium does so without a license or permission from Apple."
And, as the web virtualization company says on its home page, "it is not a simulator." Apple, in any case, has waited until it had a less restricted iOS system of its own, which was recently announced along with the new macOS bug bounty campaign and which will allow certain recognized security researchers to more easily access the innards of its most widespread operating system. This is expected to improve the discovery of vulnerabilities and their private reporting, minimizing the impact of their commercial and government distribution and hardening the security of users.