
Apple reacts to the zero-day vulnerabilities in iOS 15

Apple reacts to a security researcher who discovered many zero-day vulnerabilities in iOS 15

Apple is facing major criticism on multiple counts, especially after the much-anticipated iPhone 13 was unveiled. The device proved underwhelming for the majority due to its minimal upgrades; some users even went as far as claiming that it was a downgrade from the iPhone 12. Meanwhile, iOS 15 seems to cause more issues than it solves. As always, Apple users have complained that there seems to be an issue with their iPhone’s battery after the iOS update.

Recently, a skirmish has been going on between a security researcher and the Silicon Valley-based company, as the former claims that the tech giant did not give him the credit he deserved after he pointed out various zero-day vulnerabilities in iOS 15.

Further Details

In 2019, Apple revamped its vulnerability bounty program, making it available to everyone and increasing rewards, among other things. However, the scheme has received a lot of backlash from the information security community. Another security researcher has now published their story, saying that Apple failed to acknowledge them for one zero-day bug they disclosed that was corrected, and that iOS 15 contains three more zero-day flaws.

After the researcher posted his concerns, Apple came across the comment and responded. “We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you,” an Apple employee wrote. “We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”

The researcher provided proof-of-concept source code for three more zero-day vulnerabilities he discovered, including the “Gamed 0-day,” “Nehelper Enumerate Installed Apps 0-day,” and “Nehelper Wifi Info 0-day.”

The vulnerabilities caused the following issues:

  • Without the user’s permission, every app downloaded from the App Store can access the user’s data which includes emails, files, messages, and much more.
  • Any user-installed program can leverage the vulnerability to determine whether or not an app is installed on the device based on its bundle ID.
  • Wi-Fi information could be accessed by third parties quite easily.

The aforementioned vulnerabilities are quite concerning since third parties could access users’ data without their consent. This is extremely poor execution on Apple’s part, since data sharing of any kind without the user’s approval is a gross violation of their privacy. The vulnerabilities come as a major shock since the tech giant has been pioneering the data rights movement, especially after its App Tracking Transparency feature. We urge Apple to take strict action to protect user data and privacy. We hope the company will be more vigilant in the future and carry out its data protection policies more efficiently.

Meanwhile, the iPhone 13 is getting a lackluster response from the public. Apple users are reluctant to discard their devices for the latest upgrade since they do not see it as worth the hassle. We shall have to wait for some quantitative data to determine if the iPhone 13 is indeed a miss or a hit.
