Following that, Apple commended him for reporting vulnerabilities.
Noah Roskin-Frazee appeared, for all intents and purposes, to be a genuine security researcher. He had disclosed flaws to Apple and other companies to help them address vulnerabilities. However, he was taken into custody a month ago and accused of masterminding a conspiracy to steal electronic devices and gift cards from Apple, estimated to be worth $2.5 million. It would appear that nobody informed Apple’s security team. On January 22, two weeks after Roskin-Frazee’s arrest, the company issued a security advisory in which it expressed gratitude to him.
According to the allegations, Roskin-Frazee, an employee of ZeroClicks Lab, used his familiarity with Apple’s IT infrastructure to gain access to a protected service known as Toolbox. This is the system that Apple uses to put orders on hold so that they can be changed. By using Toolbox, Roskin-Frazee and his partner succeeded in deceiving Apple into providing free shipment of their items.
Although the court document, which was discovered by Court Watch, does not specifically name Apple as the victim, it does state that “Company A” is a company based in Cupertino, California that “developed, manufactured, licensed, supported, and sold computer software, consumer electronics, personal computers, and services.” The indictment also states that the defendant fraudulently obtained Final Cut Pro from “Company A’s app store.” In other words, Apple.
However, the alleged fraud did not originate at Apple. According to reports, Roskin-Frazee compromised a password reset application used by “Company B,” which was contracted to provide customer service for Apple. After gaining access to the organization’s virtual private network (VPN) servers, he submitted over a dozen fake orders by either reducing the total amount to zero dollars or adding free products to orders that were already in progress. He received around one hundred thousand dollars’ worth of free computers, phones, and other technology, but the majority of the loot came in the form of gift cards. According to the allegations, Roskin-Frazee stole Apple gift cards worth a total of $2.5 million. Prosecutors assert that the majority of the stolen products have been resold on websites that are not affiliated with the police.
According to the prosecution, the conspiracy started in December 2018 and continued until March 2019. Roskin-Frazee was only taken into custody a month ago, demonstrating how slowly the wheels of justice actually turn. During the intervening years, he was doing security audits on Apple products and services, which is why he has been recognized in a number of Apple security advisories. The update for macOS Sonoma 14.2 that was released on January 22 includes a message from Apple stating that Roskin-Frazee reported many vulnerabilities. “We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance,” according to the support website. That acknowledgment is probably something that Apple would prefer to see retracted.