Cybercrime duo accused of picking $2.5M from Apple's orchard

2024-02-08 14:00

While Apple isn't explicitly named in the recently unsealed court papers, it's not difficult to deduce that the identity of "Company A," as written in the indictment, is the consumer tech megacorp.

Looking deeper into the case background, it's also revealed that one of the defendants redeemed one of the stolen gift cards to their personal app store account, where they purchased Final Cut Pro - software developed by Apple that only runs on Apple hardware.

One of these is a Log Program that allows customer support to search Apple products and order replacements.

The final important system at play here is the Jamf MDM platform, which is operated by the third-party contractor and allows configuration changes to be made to Apple devices, but that's not what it was used for in this case.

Funnily enough, in a December 2023 security update - published one day before Roskin-Frazee's indictment - Apple acknowledged the security researcher, and his colleague "Prof. J." of ZeroClicks Lab, for reporting a bug affecting macOS Ventura that could have allowed an app to access data from a user's contacts.

Neither Apple nor the lawyers for Roskin-Frazee and Latteri immediately responded to requests for comment.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/08/security_research_apple_fraud/

#apple #cybercrime #DUO