Security Acknowledgements
Apple Product Security
CVE-2025-24225 — Mail Addressing Vulnerability
Credited for identifying a mail spoofing vulnerability that bypassed Mail’s sender identity verification.
- iOS & iPadOS 18.5 Security Acknowledgements (May 2025)
- iPadOS 17.7.7 Security Acknowledgements (May 2025)
CVE-2025-24198 — Siri Lock Screen Data Exposure
Credited for identifying a Siri vulnerability that allowed access to sensitive information on locked devices. Also credited for issues in Accessibility, Status Bar, and Writing Tools.
- iOS & iPadOS 18.4 Security Acknowledgements (Mar 2025)
- macOS Sequoia 15.4 Security Acknowledgements (Mar 2025)
- macOS Ventura 13.7.5 Security Acknowledgements (Mar 2025)
CVE-2024-44235 — Lock Screen Content Exposure
Credited for identifying a vulnerability that allowed restricted lock screen content to be viewed.
- iOS & iPadOS 18.1 Security Acknowledgements (Oct 2024)
Additional Recognition (No CVE Assigned)
Credited for additional sensitive information disclosure bugs, UI transition flaws, and authentication bypasses.
- visionOS 2.4 Security Acknowledgements (Mar 2025): Accessibility info exposure
- macOS Sequoia 15.2 Security Acknowledgements (Dec 2024): Safari private tab bypass (Touch ID)
- iOS & iPadOS 18.2 Security Acknowledgements (Dec 2024): Safari private tab bypass (Face ID)
- visionOS 2.2 Security Acknowledgements (Dec 2024): Safari private tab bypass (Optic ID)
- iOS & iPadOS 18 Security Acknowledgements (Sep 2024): Wi-Fi credential leak via Passwords app
- macOS Sequoia 15 Security Acknowledgements (Sep 2024): Wi-Fi credential leak via Passwords app
- visionOS 2 Security Acknowledgements (Sep 2024): Wi-Fi credential leak via Passwords app
- Web Server Security Acknowledgements (Apr–Aug 2024): Exposed Apple Confidential docs, IDORs, brute-forceable endpoints
OpenAI (#16 in August 2024)
- Bug Bounty Hall of Fame (Sep–Dec 2024)
  - Broken access control on OpenAI subdomain (Dec 2024)
  - Session persistence vulnerability in ChatGPT for macOS/Windows (Nov 2024)
  - Information disclosure in ChatGPT for iOS/iPadOS (Sep 2024)
Microsoft
- MSRC Online Services Acknowledgements
  - (Aug 2024) App Lock bypass via misconfigured deep link in Microsoft Authenticator for iOS
  - (Jun 2024) OAuth token leakage via Bing for iOS
Google
- Google VRP Hall of Fame
  - (Aug 2024) Unauthenticated access to internal data via exposed endpoint
  - (Jun 2024) Additional reconfirmed vulnerability acknowledged
BBC
- BBC Security Acknowledgements (Nov 2024)
  - Broken access control vulnerabilities on multiple endpoints