This week, an unnamed researcher exposed three iOS vulnerabilities, claiming that Apple's latest iOS15 update is still vulnerable to them. The researcher criticized Apple for ignoring warnings about the vulnerabilities, saying it first disclosed them to Apple in April. These vulnerabilities can be used to reveal your Apple ID, real name, Wi-Fi information, and more.
In a blog post, the researcher said he first reported on four Apple Security vulnerabilities on April 29. Apple fixed a vulnerability in iOS 14.7 in June, but failed to do so. Don't mention it in the security notes for this update. The researcher says that Apple did not mention this in the following security notes, nor did they examine the other three vulnerabilities or show them those vulnerabilities.
The researcher warned Apple on September 13 that it will conduct its own research. General if the remaining vulnerabilities are not fixed. This week's blog post appears to contain full descriptions of the vulnerabilities as well as links to their GitHub repositories in response to Apple's release of iOS 15, which has not been patched.
The vulnerability could allow an app to access the Apple ID with the full name associated with it without a user request. It can also access the list of third-party SMS, mail, iMessage, and messaging apps. It can access metadata about how users interact with these contacts, including things like scheduling, URLs, and text. The researcher believes that iOS 15 may have partially removed this abuse. /p> - Kosta Eleftheriou (keeltheriou) Sep 24, 2021
Another vulnerability allows each installed program to determine if another program is installed using its own package ID. The third vulnerability allows any app to potentially access Wi-Fi information. iOS 14.7 fixed a vulnerability that allowed apps to access analytics information such as medical information, screen time, the languages users viewed in Safari, and more.
A software engineer has since confirmed this claim. The process works on iOS 15.
Apple released iOS 12.5.5 this week, which is a security update for devices still running iOS 12. This includes older devices like the iPhone 5 and iPhone 6 that have been discontinued. Get major updates after iOS 12. This system fixes vulnerabilities that could lead to arbitrary code execution.
A researcher has revealed three iOS platforms that are still usable in iOS 15 and criticize Apple for ignoring them