


Three unpatched iOS 15 security flaws posted online — what you need to know


UPDATED with additional information.

A researcher has posted exploits for three unpatched security vulnerabilities in Apple's iOS mobile operating system, claiming Apple has done nothing to fix the flaws despite knowing of them for several months.

The researcher, who calls himself "illusionofchaos," claimed in an English-language post yesterday (Sept. 23) on a Russian blogging platform that all three exploits work on iOS 15, the latest version of Apple's mobile operating system, which was released just this week.


To be honest, none of the flaws sound critical — you can't use them to hack any random iPhone over the internet — and we can see why Apple might have dragged its feet on at least two of them.

The researcher calls them "zero-day" flaws, which usually means that the developer (in this case Apple) has zero time to fix them before they're publicly disclosed, but in this case it appears Apple has known of them since April.

What can you do about these iOS 15 flaws?

Should you worry about these three flaws? Yes, because the most serious one could give installed apps at least temporary access to your Apple account, which could lead to account takeover.

We don't know how you could stop this as a user, as it's entirely internal, but you should routinely check on your Apple ID and App Store activity just to make sure no one else has access to your account.

We've reached out to Apple for comment on these alleged flaws and will update this story when we receive a reply.

So far, the only person we know of who has been able to confirm that any of the vulnerabilities work is Kosta Eleftheriou, an app developer who has long had a beef with Apple over App Store policies. Eleftheriou said the most serious flaw does work on iOS 15.


Apple ID access from any app

The most serious flaw, the one that Eleftheriou said he was able to replicate, is apparently in a process called "gamed," likely pronounced "game-dee."

The Game Center on iOS and macOS appears to use gamed to communicate with the App Store to synchronize game progress. A quick Google search finds many Mac and iPhone users complaining about gamed using up a lot of CPU and network resources.

Illusionofchaos said that the gamed flaw permits "any app installed from the App Store" to access your "Apple ID email and full name associated with it," your Apple ID authentication token, and all contacts stored on your iPhone. (We're not sure whether "Apple ID email" refers to your Apple email address or to your email messages.)

Apps in the App Store are vetted by Apple, but they're not supposed to have full access to your Apple account, which having the authentication token would in theory temporarily confer. Nor are apps supposed to access your contacts without your permission.

This exploit works even if you disable Game Center on your iPhone, Illusionofchaos said.

Less serious flaws

The other two flaws are associated with "nehelper," an iOS process that seems to have something to do with network extensions.

Illusionofchaos said one vulnerability lets any user-installed app (i.e., one not preloaded on the device by Apple) tell whether any other app is installed on the same device. To be honest, that doesn't seem so serious to us, although privacy-minded iPhone users may have different opinions.

The other nehelper flaw appears to let apps authorized to use location information also learn the Wi-Fi network name of a connected Wi-Fi network, even if the apps aren't explicitly authorized to know that. We're not going to lose much sleep over this one either.

Illusionofchaos said he found a fourth flaw that let any user-installed app gain access to analytics logs on an iPhone, which could include medical and other biometric information about the user as well as device data. Illusionofchaos said this issue was fixed with iOS 14.7 (released in July 2021), but that he wasn't given credit.

Other recent Apple security bugs

Apple has had a spate of security bugs lately. Just yesterday, it patched three actual zero-day flaws in iOS 12 and macOS 10.15 Catalina, two of which were patched in iOS 14 and macOS Big Sur last week.

Meanwhile, there's an existing Finder flaw in macOS 11.6 Big Sur (and presumably earlier versions) that does seem to permit remote code execution — hacking, in other words — over the internet. Apple has not responded to our query about that one. And at least two more variants of Mac malware have reared their heads in the past couple of months.

Apple bug-bounty beef

Illusionofchaos' real gripe is that Apple hasn't paid him the bug bounties he believes Apple owes him, a complaint so common among security researchers that it was recently the subject of a Washington Post story.

Illusionofchaos said he notified Apple of all three flaws, plus a fourth that Apple fixed in July with iOS 14.7 (but didn't credit him for), on April 29. He said Apple responded the following day that it had received his report and was investigating the issues.

Apple's bug-bounty program promises independent researchers that it will pay them up to $1 million if they find flaws in the company's six operating systems, but many researchers say the company is more tight-fisted about payouts than other big companies with bug-bounty programs.

Updates: Researcher's name and other perspectives

Vice Motherboard got in touch with illusionofchaos, who said his real name was Denis Tokarev and admitted that the flaws he posted online were not that dangerous, at least not immediately.

"The ones that I've released do not lead to complete device compromise but still allow malicious apps to gather a tremendous amount of sensitive and personal data," he told Motherboard's Lorenzo Franceschi-Bicchierai.

"It's possible for any app to know exactly who you are, all your social circle, your patterns of communication with them and build a deep profile of you based on your communications and the kind of apps you have installed."

Tokarev warned that getting an exploit for at least one of his flaws — he didn't specify which one — into the App Store might work. He said he uploaded an app containing it to Apple's own developer program and was able to install the app from there to his own phone. Presumably the App Store screening would be stricter.

Patrick Wardle, a well-known American Apple hacker, told The Register that "the bigger takeaway is that Apple is shipping iOS with known bugs."

Wardle pointed out that Tokarev/illusionofchaos was giving up a chance at collecting some serious cash from Apple in exchange for venting his frustration at Apple's bug-bounty program — a sentiment Wardle himself seemed to share.

"Apple's hubris gets in the way," he told The Register. "They (still) don't see security researchers or white-hat hackers as being on the same side."

While Apple's own security researchers "get it," Wardle said, Apple executives "believe their way is the right way and they don't need any external assistance."

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the data-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/ios-15-new-unpatched-flaws
