CYBERSECURITY · PAYMENT SECURITY · OPINION Apple Knows. Visa Knows. Nobody Has Fixed It. Here’s Why. Apple and Visa both know about a flaw that lets attackers drain your locked iPhone. Years …

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

A security researcher analyzes the long-unpatched Apple Pay + Visa Express Transit vulnerability, where attackers can drain funds from a locked iPhone using off-the-shelf NFC hardware. The flaw exploits the intersection of Apple's Express Transit Mode and Visa's EMV authorization logic — neither company alone can fix it, and neither has. Drawing on personal experience with cross-vendor security gaps, the author argues the real problem is governance: accountability frameworks never cover the boundary between systems. A technical fix (EMV relay-resistant protocol) already exists but requires both parties to coordinate. Practical advice includes disabling Visa from Express Transit Mode and asking vendors who owns cross-boundary vulnerabilities in contracts.