Security News > 2021 > September > Frustrated dev drops three zero-day vulns affecting Apple iOS 15 after six-month wait
Upset with Apple's handling of its Security Bounty program, a bug researcher has released proof-of-concept exploit code for three zero-day vulnerabilities in Apple's newly released iOS 15 mobile operating system.
"I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page," the researcher wrote.
Apple on Thursday issued a patch for macOS Catalina to address a different zero-day, having gone through a similar exercise ten days earlier to address a zero-click iMessage bug used to target human rights activists and other flaws.
Kosta Eleftheriou, the developer behind the Apple Watch keyboard app FlickType, said via Twitter that he tested the Gamed 0-day on iOS 14.8 and iOS 15 and confirmed that it works as advertised.
"To me, the bigger takeaway is that Apple is shipping iOS with known bugs," Wardle said, noting that "IllusionOfChaos" claims to have reported the bugs months ago.
The Register asked Apple to comment, but the brick wall did not respond.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/09/24/apple_zeroday/
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)