Researcher warns of three iPhone zero-day vulnerabilities that have not yet been fixed

Source: Christine Romero-Chan / iMore

A security researcher has warned that Apple did not fix three zero-day vulnerabilities they discovered, which are still present in iOS 15.

Illusionofchaos took to the internet, stating:

I want to share my frustrating experience participating in the Apple Security Bounty program. This year, I reported four 0-day vulnerabilities between March 10 and May 4, three of which are still present in the latest version of iOS (15.0), and one was fixed in 14.7, but Apple chose to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me that it happened due to processing issues, and promised to list it on the security content page of the next update. Since then, three editions have been published and each time they have broken their promise.

The researcher says that they contacted Apple for an update and threatened to publish their findings if they did not receive an explanation. While one of the reported problems was patched in iOS 14.7, three more are apparently still present in the latest software that Apple released earlier this week before today’s launch of the iPhone 13.

One issue reportedly allows any app installed from the App Store to access the Apple ID username and full name, the Apple ID authentication token, a database containing contact information and interaction records, and the databases for speed dialing and the address book, including things like contact pictures. Another vulnerability “allows any application installed by a user to determine if an application is installed on the device based on its package ID.” The final zero-day flaw “allows any qualified application (e.g., which has site access authority) to gain access to WiFi data without the necessary rights.”


Illusionofchaos says they sent detailed reports to Apple in April this year and were quickly informed that Apple was investigating the problems. As noted, although one issue has been resolved, the above vulnerabilities still exist, and Illusionofchaos says they have not received any response from Apple since Friday, Sept. 24.


Naveen Kumar
