
Add Denis Apple, @apple Denis Tokarev, @illusionofchaos #38

Merged
merged 4 commits into from Feb 12, 2022


sickcodes
Collaborator

| 2021-07-21 | Apple, @apple | Denis Tokarev, @illusionofchaos | DMCA Takedowns of Mirror | iOS App Developer & Security Researcher @illusionofchaos has developed an interesting relationship with Apple since early 2021. The researcher participated in Apple's Bug Bounty program in hopes of getting a nice payout for his work having submitted the research between March 10 and May 4 of 2021. Four months later, Denis published his Disclosure of four 0-day iOS vulnerabilities and his opinion of the Apple Security Bounty Program. To this day, Denis is still not listed on the Apple Security Advisory for iOS 14.7 and iPadOS 14.7. In his words, "When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time." Frustrated with the lackluster communication between Apple's illusive security team, @illusionofchaos eventually published his Proofs of Concept on GitHub: "iOS gamed exploit (fixed in 15.0.2)", a redacted "Analyticsd pre-14.7 exploit", "nehelper enumerate installed apps 0-day (iOS 15.0)", and "Nehelper Wifi Info 0-day (iOS 15.0)". A Jailbreak community member @rllbe released a patch for Jailbroken devices only named entitlementfix. This is great for Jailbroken phones but does not help the millions of regular iPhones which are still very vulnerable to attacks, namely information disclosure. Valued at $100,000 or more on the Example/Dummy Bounty payout page, or perhaps an exponentially higher value on the grey market, @illusionofchaos has yet to receive a bounty, nor recognition, other than an email from Apple stating that they made an error in crediting his research. Apple silently patched one of the exploits in July with the release of iOS 14.7.
To add to the already difficult relationship which was lacking communication, Denis discovered and mirrored a helpful API documentation named Atlas for research purposes. "Atlas is developed and maintained by the Hardware Test Engineering (HWTE) Software Platform group." The repository is currently serving the DMCA notice. What makes this takedown unique is the fact that the original server is still live; Denis mirrored a documentation resource, which is very common procedure on GitHub. In a tweet on October 19 2021, which was subsequently taken down by GitHub via a DMCA notice, another notice was issued and Denis received more DMCA notices posted 2021-10-18 does in fact list Apple Inc., represented by Kilpatrick Townsend & Stockton LLP. The DMCA content removal takedown notice is etched permanently into GitHub's DMCA registrar. The researcher was also locked out of his account at one point. As per DMCA submission rules, the firm representing Apple swears, "under penalty of perjury," that the documentation is Apple's copyright. In addition, Apple submitted takedown notices of the IP address of the server, which is still live at time of writing. What makes this even stranger is that ONLY Denis' content has been DMCA'ed by Apple- absolutely no other account or tweet containing the IP address has since been removed from Twitter. An archive of the page, while still live, exists. |

@attritionorg
Collaborator

If you want to create a /tmp/working-on.txt type file for me to edit, that might be easier. Or I can make edits to your text and just paste a new copy here in a comment.

@sickcodes
Collaborator Author

How does this sound @attritionorg?

| 2021-07-21 | Apple, @apple | Tokarev Tokarev, @illusionofchaos | DMCA Takedowns of Mirror | iOS App Developer & Security Researcher Denis Tokarev (illusionofchaos) has developed an interesting relationship with Apple since early 2021. The researcher participated in Apple's Bug Bounty program in hopes of getting a nice payout for his work having submitted the research between March 10 and May 4 of 2021. Four months later, Tokarev published his Disclosure of four 0-day iOS vulnerabilities and his opinion of the Apple Security Bounty Program. To this day, Tokarev is still not listed on the Apple Security Advisory for iOS 14.7 and iPadOS 14.7 security advisory. In his words, "When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time." Frustrated with the lackluster communication between Apple's illusive security team, @Tokarev eventually published his Proofs of Concept on GitHub: "iOS gamed exploit (fixed in 15.0.2)", a redacted "Analyticsd pre-14.7 exploit", "nehelper enumerate installed apps 0-day (iOS 15.0)", and "Nehelper Wifi Info 0-day (iOS 15.0)". A Jailbreak community member @rllbe released a patch for Jailbroken devices only named entitlementfix. This is great for Jailbroken phones but does not help the millions of regular iPhones which are still very vulnerable to attacks, namely information disclosure. Valued at $100,000 or more on the Example/Dummy Bounty payout page, or perhaps an exponentially higher value on the grey market, Tokarev has yet to receive a bounty, nor recognition, other than an email from Apple stating that they made an error in crediting his research. Apple silently patched one of the exploits in July with the release of iOS 14.7.
To add to the already difficult relationship which was lacking communication, Tokarev discovered and mirrored a helpful API documentation named Atlas for research purposes. "Atlas is developed and maintained by the Hardware Test Engineering (HWTE) Software Platform group." The repository is currently serving the DMCA takedown notice Apple sent him. What makes this takedown unique is the fact that the original server is still live; Tokarev mirrored a documentation resource, which is very common procedure on GitHub. Along with the GitHub DMCA notice, Tokarev had multiple tweets also taken down. The DMCA content removal takedown notices on GitHub are publicly etched into GitHub's DMCA repository; the Lumen database copy can be viewed here. The researcher was also locked out of his Twitter account at one point. As per DMCA submission rules on Twitter, the firm representing Apple swears, "under penalty of perjury," that the documentation is Apple's copyright. What makes this case seem targeted is that ONLY Tokarev's content has been DMCA'ed by Apple- absolutely no other reply, public tweet, or image containing the IP address has been removed from Twitter. An archive of the alleged offending content page, while still live, is archived. |

@sickcodes
Collaborator Author

@attritionorg if you want to edit an edit, you can create another branch off of mine, should be an edit button on the fork https://github.com/disclose/research-threats/tree/denis-apple-dmca

@attritionorg
Collaborator

| 2021-07-21 | Apple, @apple | Tokarev Tokarev, @illusionofchaos | DMCA Takedowns of Mirror | iOS App Developer & Security Researcher Denis Tokarev (illusionofchaos) has developed an interesting relationship with Apple since early 2021. The researcher participated in Apple's Bug Bounty program in hopes of receiving a payout for his research having submitted the details between March 10 and May 4 of 2021. Four months later, Tokarev published his Disclosure of four 0-day iOS vulnerabilities and his opinion of the Apple Security Bounty Program. To this day, Tokarev is still not listed on the Apple Security Advisory for iOS 14.7 and iPadOS 14.7 security advisory. In his words, "When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time." Frustrated with the lackluster communication between Apple's illusive security team, Tokarev eventually published his Proofs of Concept on GitHub: "iOS gamed exploit (fixed in 15.0.2)", a redacted "Analyticsd pre-14.7 exploit", "nehelper enumerate installed apps 0-day (iOS 15.0)", and "Nehelper Wifi Info 0-day (iOS 15.0)". A Jailbreak community member, @rllbe, released a patch exclusively for Jailbroken devices named entitlementfix. This is great for Jailbroken phones but does not help the millions of regular iPhones which are still vulnerable to attacks, namely information disclosure. Valued at $100,000 or more on the Example/Dummy Bounty payout page, or perhaps an exponentially higher value on the grey market, Tokarev has yet to receive a bounty, nor recognition, other than an email from Apple stating that they made an error in crediting his research. Apple silently patched one of the exploits in July with the release of iOS 14.7.
To add to the already difficult relationship, Tokarev discovered and mirrored a helpful website with API documentation named "Atlas" for research purposes. "Atlas is developed and maintained by the Hardware Test Engineering (HWTE) Software Platform group." The repository is currently serving the DMCA takedown notice Apple sent him. What makes this takedown unique is the fact that the original server is still live; Tokarev mirrored a documentation resource, which is very common procedure on GitHub. Along with the GitHub DMCA notice, Tokarev had multiple tweets also taken down. The DMCA content removal takedown notices on GitHub are publicly etched into GitHub's DMCA repository; the Lumen database copy can be viewed here. The researcher was also locked out of his Twitter account at one point. As per DMCA submission rules on Twitter, the firm representing Apple swears, "under penalty of perjury," that the documentation is Apple's copyright. What makes this case seem targeted is that only Tokarev's content has been DMCA'ed by Apple- absolutely no other reply, public tweet, or image containing the IP address has apparently been removed from Twitter. An archive of the alleged offending content page, while still live, is archived. |

I copied yours and made edits, primarily for style and consistency.

@sickcodes
Collaborator Author

sickcodes commented Oct 26, 2021

Submitting these changes, also I accidentally removed the Missouri case in previous commit, added back in.

EDIT: Denis Tokarev, instead of double surname


@sickcodes
Collaborator Author

Apple has credited the researcher after 3 months https://support.apple.com/en-us/HT212601, can add tomorrow

@sickcodes sickcodes merged commit 476f2b6 into master Feb 12, 2022
@disclose disclose deleted a comment from 0saiyan0 Jan 8, 2023