Proofs of concept for three critical iOS vulnerabilities were released this Thursday night, with the researcher who discovered them criticizing Apple and saying his findings were ignored. The flaws, which differ in nature, allow access to user data and the listing of applications installed on the device, among other things. A fourth flaw is the only one that has been fixed, but without due credit or payment to the researcher.

The researcher, who identifies himself only as “illusionofchaos” to protect his identity, says the four flaws were found earlier this year and reported to the manufacturer between March and May. However, only one of them was fixed, in July, and Apple neither gave due credit nor paid the reward provided for by its official bug bounty program. The company told the researcher this was an error and said it would be corrected in the next iOS update. That update has already arrived, but the payment has not.

The disclosure of the zero-day vulnerabilities (flaws unknown even to the OS developers, and therefore a high priority for mitigation) follows responsible disclosure criteria, but also serves as a critique. The researcher laments Apple's treatment of the security community, saying the company ignored his subsequent attempts at contact, gave no further word on the reward for the fixed flaw and did not comment on the others.

It appears to be able to pull my entire contact list and lots of details about my conversations, with no user prompt of any kind. I see a ton of my own private data in each of these 3 sections: pic.twitter.com/WIzo8lpQT1 — Kosta Eleftheriou (@keleftheriou) September 24, 2021

The published proof of concept has been validated by other experts. The main vulnerability, called Gamed 0-day, can be exploited even on iOS 15, which came out this week. Through it, a malicious application could gain unauthorized access to sensitive user data that would normally be protected by the operating system. Exploitation allows the exfiltration of full names and emails associated with Apple accounts, contact list information (including records of communications, but not the messages themselves) and authentication tokens that could allow access to Apple services.

The other two zero-day flaws would allow an attacker, through a malicious app, to see which other applications are installed on the device (opening the way to exploiting further holes, if any are available) or to manipulate data transmitted over Wi-Fi networks. While there is no information about actual attacks using the flaws, the publication of the proof of concept shortens the path to them, and users can do nothing about it since, as noted, the vulnerabilities are still present even in iOS 15.

The unidentified researcher's report joins other complaints of the same kind, which involve non-payment of rewards, amounts below those listed in official materials, or flaws fixed without due credit. Apple has not commented on this specific case, nor has it said whether it is analyzing the flaws. Previously, it has stated that it values the security community and works alongside researchers to improve its ecosystem.

Source: Habr