Man involved in AT&T iPad vulnerability discovery arrested
Police have arrested a man who was part of the team that discovered a vulnerability in the AT&T website that contained iPad user email addresses.
Police in the US have arrested a member of the team that found a vulnerability affecting various iPad users on the AT&T network.
Andrew Auernheimer, a key member of Goatse Security that recently claimed to have found a security hole on the AT&T website containing iPad user information, was detained in Arkansas but for drug charges rather than anything iPad related, CNET has reported.
Auernheimer has previously been arrested for alledgedly providing a fake name to police officers responding to a parking complaint, Lieutenant Mike Perryman, of the Fayetteville Police Department, told CNET.
However, the authorities did not confirm why a warrant had been drawn up prior to the arrest, or whether it had anything to do with the authority's work on the AT&T case.
Earlier this month, Goatse Security said it had taken information about the vulnerability on the website to Gawker, an online gossip site. Goatse claimed to have accessed AT&T's iPad subscriber information containing around 114,000 email addresses, including those of high up politicians and business executives.
AT&T confirmed that it had closed the security hole and that it was only email addresses that had been accessed.
Mark Siegel, executive director of media relations at AT&T, told IT PRO: "The hackers did not inform us in advance about what they claimed to uncover."
Goatse claimed in a blog post that it had waited until the hole was fixed by AT&T before taking information to Gawker.
"We did not contact AT&T directly, but we made sure that someone else tipped them off and waited for them to patch until we gave anything to Gawker," Goatse added.
-
Apple’s Siri overhaul is a ‘watershed moment’ in its long-awaited AI pushNews The revamped Siri AI could put to rest questions over its lackluster approach to AI, providing it nails the roll-out
-
AMD chief exec Lisa Su touts UK’s AI potential as firm eyes £2bn investmentNews The deal will see a new AI supercomputer built in Cambridge and partnerships with Imperial College London and Oriole Networks
-
AI is shrinking attack windows, and it’s forcing a complete rethink of cyber resilience – here’s how organizations can prepareNews Commvault has urged companies to improve their business continuity and resilience plans in the face of flaws spotted by AI
-
Anthropic targets vulnerability detection gains with Claude Security public beta — here's what users can expectNews The Claude Mythos developer is aiming for a more limited approach to cyber tooling for public consumption
-
Researchers warn millions of RDP and VNC servers are wide open to exploitationNews Researchers at Forescout spotted millions of RDP and VNC servers exposed online
-
Brace yourselves for a vulnerability explosion, Forescout warnsNews AI advances are helping identify software flaws at record pace and scale, but that's not the good news some would think
-
Ubuntu vulnerability exposes enterprises to root escalation, complete system compromiseNews The high-severity Ubuntu vulnerability allows an unprivileged local attacker to escalate privileges through the interaction of two standard system components
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
