Security News > 2021 > September > Researcher drops three iOS zero-days that Apple refused to fix
Proof-of-concept exploit code for three iOS zero-day vulnerabilities was published on GitHub after Apple delayed patching and failed to credit the researcher.
The unknown researcher who found the four zero-days reported them to Apple between March 10 and May 4.
"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience," Apple told him when asked why the list of fixed iOS security bugs didn't include his zero-day.
All attempts made to get an explanation for Apple's failure to fix the rest of these unpatched vulnerabilities and for their refusal to credit them were ignored even though more security advisories, for iOS 14.7.1, iOS 14.8, and iOS 15.0, have since been published.
Software engineer Kosta Eleftheriou confirmed that the app designed to exploit Gamed zero-day and harvest sensitive user information works on iOS 15.0, the latest iOS version.
"All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected," the researcher said, referring to the analyticsd zero-day silently patched in iOS 14.7.
News URL
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple creates Private Cloud Compute VM to let researchers find bugs (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)