A security researcher just published proof-of-concept code for three zero-day vulnerabilities affecting the recently released iOS 15. A fourth vulnerability, affecting iOS 14.7, has been patched by Apple.
Many security researchers complained that Apple doesn’t follow through with its promises in its bug bounty program. Sometimes it is late with fixes, and other times it ignores the reports altogether, the researchers say. A few days ago, another researcher published details of a lock screen bypass affecting iOS 15, claiming that Apple ignored or undervalued some of these reports.
Now, an unnamed security researcher says Apple failed to mention his name for a deployed fix, initially promising to do so in the next advisory. Four advisories later, the name of the researcher still hadn’t shown up. Moreover, of the four vulnerabilities sent to Apple, the company fixed only one, and three have been ignored and are still active.
“I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page,” said the researcher.
The first vulnerability is named ‘Gamed 0-day’ and, if exploited, allows any app from the App Store to access a lot of personal data without any prompt from the user.
The second is ‘Nehelper Enumerate Installed Apps 0-day.’ According to the researcher, it ” allows any user-installed app to determine whether any app is installed on the device given its bundle ID.” The third one is somewhat similar, and it’s called ‘NehelperWifi Info 0-day.’
The final fourth, affecting iOS 14.7, was fixed by Apple. “This vulnerability allows any user-installed app to access analytics logs,” the researcher explained. After being ignored by Apple, he published proof of concept for all four of them.