A security researcher claims that Apple has yet to fix multiple zero-day vulnerabilities that were reported to the company six months ago. These flaws are now present in iOS 15, released on September 20th.
The security researcher, who goes by the pseudonym illusionofchaos, claimed in a detailed blog post on Friday that he had submitted four zero-day vulnerabilities to Apple between March 10 and May 4, 2021, before iOS 15 was released.
One of the bugs, affecting the iOS Analyticsd, was patched in iOS 14.7, but Apple never publicly acknowledged this or listed it on its official vulnerability page. The researcher said Apple “decided to cover it up and not list it on the security content page.”
When he asked why the vulnerability was not on the list, Apple apologized, assured him that the omission was due to a processing issue, and promised to include it in the security advisories in an upcoming update. However, the bug was not included in the next list of vulnerabilities.
“Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120). I have waited much longer, up to half a year in one case,” illusionofchaos wrote.
Besides the fixed bug, the researcher states that three more security flaws are present in the released version of iOS 15 and are not yet fixed. According to him, these bugs, which Apple is ignoring, directly threaten the privacy of user information.
One of the vulnerabilities is the Nehelper Wifi Info 0-day flaw, where apps that have location services permissions can also access Wi-Fi information, while the Gamed 0-day flaw allows apps downloaded from the iOS App Store to access users’ Apple ID credentials and information without their permission.
The third, the Nehelper Enumerate Installed Apps 0-day flaw, allows any user-installed app to check whether any other app is installed on a device by using its bundle ID.
The above three zero-day vulnerabilities remain unpatched to date. Apple has yet to comment on the matter.
This is not the first time a security researcher has expressed discontent with Apple’s Security Bounty program. While Apple said its bug bounty program is a “runaway success,” many security researchers have criticized it for not paying bounties in accordance with its reward program guidelines, for poor communication, and for other problems.