SecurityWeek

Vulnerabilities

Frustrated Researcher Discloses Three Unpatched iOS Vulnerabilities

A researcher has made public the details of three unpatched iOS vulnerabilities after he became frustrated with how Apple runs its bug bounty program.

The researcher, Denis Tokarev (aka illusionofchaos), disclosed his findings last week on the Russian IT blog Habr.

Tokarev claims to have reported four iOS vulnerabilities to Apple between March 10 and May 4, but only one of them was fixed and Apple did not mention it in its release notes.

“When I confronted [Apple], they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time,” the researcher said.

He added, “Ten days ago I asked for an explanation and warned then that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would.”

The researcher’s blog post contains technical details for each of the four security holes he reported, as well as links to proof-of-concept (PoC) exploits hosted on GitHub. He argued that he gave Apple enough time to release patches and pointed to major companies such as Google and ZDI, which typically give vendors 90 and 120 days, respectively, to patch vulnerabilities before disclosing them. “I have waited much longer, up to half a year in one case,” Tokarev said.

The vulnerability that was patched by Apple (with the release of iOS 14.7) can allow a malicious application installed on a device to access information stored by Apple in analytics logs. The researcher said these files can store information about the device and its usage, as well as some health-related data.

The flaws that have yet to be patched — the researcher says they can be exploited on the latest iOS 15 version — allow malicious applications installed on a device to access various types of information. One can be exploited to obtain Wi-Fi information and another can be leveraged to enumerate installed apps.

The most serious of them allows “any app installed from the App Store” to access a wide range of data without prompting the user. Exposed data includes email address, associated name, Apple ID authentication token, and information associated with the victim’s contacts.

Over the weekend, Tokarev updated his blog post to say that Apple had reached out to him. The tech giant allegedly apologized for the delayed response and said it was still investigating the issues and how they can be addressed.

Someone in the jailbreaking community claimed to have fixed all of the unpatched iOS vulnerabilities.

Tokarev is the latest in a long list of security researchers frustrated with Apple’s bug bounty program. Many have complained over the past years about delayed responses and rewards they considered too small.

The tech giant said it paid out $3.7 million last year and several researchers have confirmed receiving significant bug bounties from the company.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
