A security researcher has published details of several vulnerabilities that allow apps to access sensitive user data and that apparently can still be used in iOS 15. The security researcher, who uses the pseudonym “Illusion”, writes that he reported four zero-day vulnerabilities to Apple in the spring. However, the manufacturer fixed only one of them, with iOS 14.7, without documenting it in the public security release notes and perhaps without rewarding it through a bug bounty program.
Reportedly no response from Apple
Apple previously apologized and promised to fix the vulnerability, but it didn’t, and the other three holes are still open. A new request a few days ago went unanswered, the researcher writes, so he decided to publish the details. He has published the code on GitHub as a “proof of concept” with which the bug can be exploited.
Apple’s gaming network Game Center seems to have the biggest problem: apps installed from the App Store are able to read the email address and full name of a user’s Apple ID, among other things. It should also be possible to access the “Core Duet” database, which provides insight into the user’s communications: it contains a list of metadata such as time stamps and the contacts with whom messages were exchanged via iMessage, Mail, and third-party messengers.
It’s also possible to read the entire Address Book database without user consent in iOS 14.8. Apple also quietly fixed the latter in iOS 15, notes IllusionOfChaos. Access is also possible if Game Center has not been activated on the device.
Criticism of the bug bounty program
Two other published bugs may give existing location sharing apps access to WiFi names and make it possible to check whether certain apps are installed on the device. The bug fixed with iOS 14.7 allowed apps to read analytics data recorded by the device. According to the security researcher, this data may also contain sensitive information, even health data from Health. In the privacy settings under “Analytics & Improvements” / “Analytics Data”, users can check for themselves what the system is recording there; no sensitive information was found on the two iPhones from the Mac & i editorial team.
Apple’s bug bounty program has long been criticized. In recent months, more and more security researchers have spoken out about their disappointing experiences: Apple is said to react slowly to bug reports and to be willing to pay less money for bugs than advertised.
(LBE)