iPhone users warned of ‘THREE zero-day flaws that put millions of Apple users in immediate danger’

IPHONE users have been warned of three zero-day flaws that allegedly put millions of Apple users in “immediate danger.”

An anonymous security researcher said that the flaws, which they claim to have pointed out to Apple months ago, still exist in the latest iOS 14 and iOS 15 updates.

An anonymous security researcher claimed there were three zero-day flaws in Apple's latest iOS

2

An anonymous security researcher claimed there were three zero-day flaws in Apple’s latest iOS

In a new blog post, the researcher, posting under the username illusionofchaos, alleged that they reported four zero-day vulnerabilities to Apple back in the spring, and only one has been addressed so far.

“I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page,” the researcher claimed.

The four issues the blogger exposed were “Gamed 0 day, Nehelper Enumerate Installed Apps 0-day, Nehelper Wifi Info 0-day, and Analyticsd,” which the blogger says was fixed in 14.7.

The blog post goes on to explain exactly how each alleged vulnerability puts Apple users at risk.

The researcher said they are making the issues public now so that Apple is forced to finally address the problems.

“When I confronted [Apple], they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update,” the blog post claims.

“There were three releases since then and they broke their promise each time.”

The post continues: “Ten days ago I asked for an explanation and warned them that I would make my research public if I don’t receive an explanation.

“My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120).

“I have waited much longer, up to half a year in one case.”

The blog post also links to a series of other users who have allegedly reported security issues and not received helpful responses from the company.

OTHERS SLAM APPLE OVER SECURITY

Marco Arment, the creator of Instapaper and former CTO of Tumblr, took to Twitter to slam Apple over the latest revelations.

“Security relations are developer relations,” he wrote.

“What will it take for Apple to change their entire CULTURE of how they treat outside developers?

“Click through to see the Game Center exploit in particular,” he continued with a link to the illusionofchaos blog post.

“It’s rough. Things like this should almost never slip through the cracks with a functioning security program. Instead, with Apple, it’s commonplace. That’s so deeply broken, yet nothing changes. What will it take?”

Apple did not immediately return Central Recorder’s request for comment on the matter.

Apple has not yet addressed the allegations

2

Apple has not yet addressed the allegations Image Credits: AP
Huge iPhone bug lets anyone ‘enter your phone’ from lockscreen and read Notes app

Latest News

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here