AttackFeed by Joe Wagner | Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility  - Full Disclosure

Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Joseph Goydish II via Fulldisclosure on Apr 02

SUMMARY

Apple’s Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes
traffic through 14 third-party endpoints across six countries. These include
an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint
(Yandex), and a Swiss GmbH whose privacy policy names “The Legal Entity to
be Confirmed” as its data controller. None of this is disclosed to users.

This is shared infrastructure. All devices using Live…
 – Read More  – Full Disclosure 

You may also like

AttackFeed by Joe Wagner | CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000  - Full Disclosure
Alert Feeds
CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000  – Full Disclosure
April 14, 2026
AttackFeed by Joe Wagner | APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5  - Full Disclosure
Alert Feeds
APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5  – Full Disclosure
March 28, 2026
AttackFeed by Joe Wagner | APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8  - Full Disclosure
Alert Feeds
APPLE-SA-04-22-2026-2 iOS 18.7.8 and iPadOS 18.7.8  – Full Disclosure
April 29, 2026
AttackFeed by Joe Wagner | APPLE-SA-03-24-2026-6 tvOS 26.4  - Full Disclosure
Alert Feeds
APPLE-SA-03-24-2026-6 tvOS 26.4  – Full Disclosure
March 28, 2026