Security News > 2021 > September > Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait
Upset with Apple's handling of its Security Bounty program, a bug researcher has released proof-of-concept exploit code for three zero-day vulnerabilities in Apple's newly released iOS 15 mobile operating system.
"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page," the researcher wrote.
Apple on Thursday issued a patch for macOS Catalina to address a different zero-day, having gone through a similar exercise ten days earlier to address a zero-click iMessage bug used to target human rights activists and other flaws.
Kosta Eleftheriou, the developer behind the Apple Watch keyboard app FlickType, said via Twitter that he tested the Gamed 0-day on iOS 14.8 and iOS 15 and confirmed that it works as advertised.
"To me, the bigger takeaway is that Apple is shipping iOS with known bugs," Wardle said, noting that "IllusionOfChaos" claims to have reported the bugs months ago.
The Register asked Apple to comment, but the brick wall did not respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/24/apple_zeroday/
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)