Advertisement

Updated September 25th, 2021 at 22:27 IST

Researcher highlights three security flaws in Apple’s iOS15; See what data can be leaked

Apple iOS15 security flaws have been pointed out by "illusionofchaos". Check out the list of data that can be accessed by these security vulnerabilities.

Reported by: Sahil Mirani
Apple
Image: Twitter/ @urtechseeker | Image:self
Advertisement

Apple has just released their iOS 15 and they are extremely confident that their OS is completely free of any security vulnerabilities. To back it up, Apple has recently released a Security Bounty Program to the public. With this program, Apple will be willing to offer payouts with $1 million to any researcher who shares details about security threats in their iOS, iPadOS, macOS, tvOS, or watchOS. Several programmers have been sending in some information to this program and have helped the American tech giant to solve these issues.

iOS 15 security flaws

Recently, a security researcher who goes by the title"illusionofchaos" claimed that he had reported a total of zero-day vulnerabilities to Apple between March and May. The researcher claims that only one of these vulnerabilities have been fixed till now and the rest 3 can still be accessed by hackers. According to his blog post, several other researchers are not happy with the working of the Apple Security Bounty program. Here is a list of Tweets from researchers who have shared their thoughts about the Apple Security Bounty program. 

All Data that can be accessed using such iOS 15 security flaws

Apart from this, here is also a list of information about all the data that can be accessed using the three iOS15 vulnerabilities. All of this information has been taken from the “illusionofchaos” official blog on Habr. Check out the full blog post right here

Apple ID email and full name associated with it

Apple ID authentication token which allows accessing at least one of the endpoints on *.apple.com on behalf of the user

Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user's interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)

Complete file system read access to the Speed Dial database and the Address Book database including contact pictures and other metadata like creation and modification dates (I've just checked on iOS 15 and this one is inaccessible so that one must have been quietly fixed recently)

Advertisement

Published September 25th, 2021 at 22:27 IST

Your Voice. Now Direct.

Send us your views, we’ll publish them. This section is moderated.

Advertisement
Advertisement

Trending Quicks

Advertisement
Advertisement
Advertisement
Whatsapp logo