Updated September 25th, 2021 at 22:27 IST
Researcher highlights three security flaws in Apple’s iOS15; See what data can be leaked
Apple iOS15 security flaws have been pointed out by "illusionofchaos". Check out the list of data that can be accessed by these security vulnerabilities.
Advertisement
Apple has just released their iOS 15 and they are extremely confident that their OS is completely free of any security vulnerabilities. To back it up, Apple has recently released a Security Bounty Program to the public. With this program, Apple will be willing to offer payouts with $1 million to any researcher who shares details about security threats in their iOS, iPadOS, macOS, tvOS, or watchOS. Several programmers have been sending in some information to this program and have helped the American tech giant to solve these issues.
iOS 15 security flaws
Recently, a security researcher who goes by the title"illusionofchaos" claimed that he had reported a total of zero-day vulnerabilities to Apple between March and May. The researcher claims that only one of these vulnerabilities have been fixed till now and the rest 3 can still be accessed by hackers. According to his blog post, several other researchers are not happy with the working of the Apple Security Bounty program. Here is a list of Tweets from researchers who have shared their thoughts about the Apple Security Bounty program.
#infosec #bugbounty #bughunter
— 5n1p3r0010 (@5n1p3r0010)
Apple bug bounty porgram is like a joke.After 3 months of the fix and their thoughly "invesgate",my 0-click heap buffer overflow gets non paid without a reliable exploit.Well done,apple.
Maybe next time I will public their vuln before it get fixed. pic.twitter.com/ngo940dimb
With today's fixes, I have 17(!!) cases with Apple, where the reward wasn't even decided in the Apple Security Bounty program. Some of these pending since the release of Big Sur 11.0.1. #apple #asb
— Csaba Fitzl (@theevilbit)
Researchers who are naive enough to submit bugs to Apple bug bounty should start demanding interest on the payments. They are losing investment opportunities and good returns on that money 😂😂😂😂😂
— fG! (@osxreverser)
Say no to Apple bug bounty 🖕
All Data that can be accessed using such iOS 15 security flaws
Apart from this, here is also a list of information about all the data that can be accessed using the three iOS15 vulnerabilities. All of this information has been taken from the “illusionofchaos” official blog on Habr. Check out the full blog post right here.
Apple ID email and full name associated with it
Apple ID authentication token which allows accessing at least one of the endpoints on *.apple.com on behalf of the user
Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user's interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)
Complete file system read access to the Speed Dial database and the Address Book database including contact pictures and other metadata like creation and modification dates (I've just checked on iOS 15 and this one is inaccessible so that one must have been quietly fixed recently)
Advertisement
Published September 25th, 2021 at 22:27 IST