Hacking

Researcher released PoC exploit code for 3 iOS zero-day issues

Researcher release PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him.

An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw addressed by Apple in July.

The experts discovered the four zero-day issues between March 10 and May 4 and reported them to the IT giant.

According to the researcher, Apple addressed one of the issues in July without crediting him, while the remaining flaws are yet to be patched.

“I want to share my frustrating experience participating in Apple Security Bounty program. I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update.” wrote the expert. “There were three releases since then and they broke their promise each time.”

The expert attempted to contact Apple for clarification, but the remaining flaws were not addressed.

Below is the list of GitHub repositories that contain PoC source code for the zero-days discovered by the expert, which were also shared with Apple. The expert explained that each repository contains an app that gathers sensitive information and presents it in the UI.

Researchers from BleepingComputer attempted to contact Apple, but the company has yet to reply at this time.

BleepingComputer reported that the software engineer Kosta Eleftheriou has confirmed that the app designed to exploit Gamed zero-day and harvest sensitive user information works on iOS 15.0, which is the latest version of the Apple iOS operating system.

The researcher explained that the Analyticsd, which was addressed in iOS 14.7, could allow any user-installed app to access analytics logs that contain a huge trove of information, including:

  • medical information (heart rate, count of detected atrial fibrillation and irregular heart rythm events)
  • menstrual cycle length, biological sex and age, whether user is logging sexual activity, cervical mucus quality, etc.
  • device usage information (device pickups in different contexts, push notifications count and user’s action, etc.)
  • screen time information and session count for all applications with their respective bundle IDs
  • information about device accessories with their manufacturer, model, firmware version and user-assigned names
  • application crashes with bundle IDs and exception codes
  • languages of web pages that user viewed in Safari

“All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected. That’s why it’s very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if “Share analytics” was turned off in settings.” states the expert.

The researcher claims that Apple is hypocritical when says that it take care of the user privacy, he also added that has released the zero-day exploit code in accordance with responsible disclosure guidelines of companies like Google that gives a 90-days deadline to the vendor to address the reported issues.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to…

3 hours ago

German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox

The German agency BSI has sinkholed a botnet composed of 30,000 devices shipped with BadBox…

23 hours ago

U.S. authorities seized cybercrime marketplace Rydox

The U.S. Department of Justice (DoJ) announced the seizure of the cybercrime marketplace Rydox ("rydox.ru"…

1 day ago

Experts discovered the first mobile malware families linked to Russia’s Gamaredon

The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states.…

2 days ago

US Bitcoin ATM operator Byte Federal suffered a data breach

US Bitcoin ATM operator Byte Federal suffered a data breach impacting 58,000 customers, attackers gained…

2 days ago

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices,…

2 days ago

This website uses cookies.