News

Security researcher: Apple has been ignoring 3 serious zero days in iOS 15 for months

By admin
Spread the love

Apple is ignoring three reported zero-day vulnerabilities in iOS 15, according to a disgruntled security researcher. One zero-day was fixed with iOS 14.7, without rewarding him for it. To express his dismay, he is now sharing details of the remaining vulnerabilities.

The security researcher, who calls himself “illusionofchaos,” claims to have discovered four significant vulnerabilities in Apple’s operating system between early March and early May, he explains in a blog post. Only one of the vulnerabilities is said to have been fixed, although Apple did not disclose anything about the incident, according to the researcher. He also received no reward through Apple’s controversial Security Bounty program. After several unanswered requests for explanations, illusionofchaos decided to reveal the three as yet unclosed leaks. So far, Apple has not responded substantively to the allegations made by the researcher.

According to illusionofchaos, it would still be possible to access sensitive user data via the Game Center app in iOS 15. The zeroday in question would allow apps installed through the App Store to access the Core Duet database. It contains, among other things, contacts, text messages, messages and telephone numbers. The Apple ID email address and full name of the user could also be stolen in this way. Developer Kosta Eleftheriou confirmed that an exploit is indeed possible in this way. He previously made headlines after he sued Apple for abuse of power.

Illusionofchaos also mentions two slightly less serious zero-days in his blog post that Apple would not have dealt with until now. The Nehelper Enumerate Installed Apps Zeroday gives all user-installed apps the ability to purposefully check whether a specific app is installed on an iPhone. The Nehelper Wifi Info vulnerability allows user-installed applications with access to the location data to access current information about the WiFi connection.

The only vulnerability found by the researcher that has so far been fixed is the Analyticsd zeroday, which allowed user-installed apps to access highly sensitive information. Medical data, gender, age and other sex-related data became accessible as a result. Illusionofchaos claims that Apple collects this user data for unknown reasons, which would clash with its emphatic focus on privacy.

You might also like
News

Apple has been working on its own search engine for years. It’s called…

News

Rumor: Apple is working on its own applications based on a large language model

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones