Date: 2021-09-25

Proofs of concept for three critical iOS vulnerabilities were released this Thursday night (15) by the researcher who discovered them, who criticized Apple and claims his findings were ignored. The flaws, which differ in nature, allow access to data and the listing of applications installed on the device, among other exploits. Only a fourth flaw has been resolved, but without due credit or payment to the specialist.

According to the researcher, who identifies himself only as “illusionofchaos” to protect his identity, the four flaws were found earlier this year and reported to the manufacturer between March and May. However, only one of them was fixed, in July, without Apple giving due credit or paying a reward under its official bug bounty program. The company told the researcher this was an error and said it would correct it in the next iOS update. The update has already arrived, but the payment has not.

The disclosure of the zero-day vulnerabilities (flaws unknown even to the OS developers, and a high priority for mitigation) follows the criteria of responsible disclosure, but also serves as criticism. The expert regrets how Apple treats the security community: the company ignored his subsequent attempts at contact, gave no further word on the reward for the fixed flaw, and did not comment on the others.

It appears to be able to pull my entire contact list and lots of details about my conversations, with no user prompt of any kind. I see a ton of my own private data in each of these 3 sections: pic.twitter.com/WIzo8lpQT1

— Kosta Eleftheriou (@keleftheriou) September 23, 24

The published proofs of concept were validated by other experts. The main flaw, called Gamed 0-day, could be exploited even on iOS 23, which came out this week. Through it, a malicious application could gain unauthorized access to sensitive user data that would normally be protected by the operating system. Exploitation allows the theft of full names and emails associated with Apple accounts, contact list information (including records of communications, but not the messages themselves) and authentication tokens that could allow access to Apple services.

The other two zero-day flaws would allow an attacker, from a malicious app, to see which other applications are installed on the device (enabling the exploitation of further holes, if available) or to manipulate data transmitted over Wi-Fi networks. While there is no information about actual attacks using the flaws, the publication of the proofs of concept makes the path to them shorter, and users cannot do anything about it since, as noted, the vulnerabilities are still present even on iOS 15.

The unidentified expert's report joins other complaints of this kind, which involve non-payment of rewards, amounts below those listed in official materials, or flaws fixed without due credit. Apple has not commented on this specific case, nor has it said whether it is analyzing the flaws. The company has previously stated that it values the security community and works alongside researchers to improve its ecosystem.

