Researcher Publishes Proof-of-Concept Code and Details for Three Zero-Day iOS 15 Vulnerabilities

Silviu STAHIE

September 24, 2021

A security researcher just published proof-of-concept code for three zero-day vulnerabilities affecting the recently released iOS 15. A fourth vulnerability, affecting iOS 14.7, has been patched by Apple.

Many security researchers have complained that Apple doesn't follow through on the promises of its bug bounty program. Sometimes it is late with fixes, and other times it ignores the reports altogether, the researchers say. A few days ago, another researcher published details of a lock screen bypass affecting iOS 15, claiming that Apple ignored or undervalued some of these reports.

Now, an unnamed security researcher says Apple failed to credit him for a deployed fix, after initially promising to do so in the next advisory. Four advisories later, the researcher's name still hadn't shown up. Moreover, of the four vulnerabilities sent to Apple, the company fixed only one; the other three have been ignored and are still active.

"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page," said the researcher.

The first vulnerability is named 'Gamed 0-day' and, if exploited, allows any app from the App Store to access a lot of personal data without any prompt from the user.

The second is 'Nehelper Enumerate Installed Apps 0-day.' According to the researcher, it "allows any user-installed app to determine whether any app is installed on the device given its bundle ID." The third one is somewhat similar, and it's called 'Nehelper Wifi Info 0-day.'

The fourth and final vulnerability, affecting iOS 14.7, was fixed by Apple. "This vulnerability allows any user-installed app to access analytics logs," the researcher explained. After being ignored by Apple, he published proof-of-concept code for all four of them.
