Hacking

Researcher released PoC exploit code for 3 iOS zero-day issues

Researcher release PoC exploit code for three iOS zero-day flaws after Apple delayed addressing them and did not credit him.

An unknown researcher publicly released on GitHub proof-of-concept exploit code for three iOS zero-day vulnerabilities and one flaw addressed by Apple in July.

The experts discovered the four zero-day issues between March 10 and May 4 and reported them to the IT giant.

According to the researcher, Apple addressed one of the issues in July without crediting him, while the remaining flaws are yet to be patched.

“I want to share my frustrating experience participating in Apple Security Bounty program. I’ve reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update.” wrote the expert. “There were three releases since then and they broke their promise each time.”

The expert attempted to contact Apple for clarification, but the remaining flaws were not addressed.

Below is the list of GitHub repositories that contain PoC source code for the zero-days discovered by the expert, which were also shared with Apple. The expert explained that each repository contains an app that gathers sensitive information and presents it in the UI.

Researchers from BleepingComputer attempted to contact Apple, but the company has yet to reply at this time.

BleepingComputer reported that the software engineer Kosta Eleftheriou has confirmed that the app designed to exploit Gamed zero-day and harvest sensitive user information works on iOS 15.0, which is the latest version of the Apple iOS operating system.

The researcher explained that the Analyticsd, which was addressed in iOS 14.7, could allow any user-installed app to access analytics logs that contain a huge trove of information, including:

  • medical information (heart rate, count of detected atrial fibrillation and irregular heart rythm events)
  • menstrual cycle length, biological sex and age, whether user is logging sexual activity, cervical mucus quality, etc.
  • device usage information (device pickups in different contexts, push notifications count and user’s action, etc.)
  • screen time information and session count for all applications with their respective bundle IDs
  • information about device accessories with their manufacturer, model, firmware version and user-assigned names
  • application crashes with bundle IDs and exception codes
  • languages of web pages that user viewed in Safari

“All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected. That’s why it’s very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if “Share analytics” was turned off in settings.” states the expert.

The researcher claims that Apple is hypocritical when says that it take care of the user privacy, he also added that has released the zero-day exploit code in accordance with responsible disclosure guidelines of companies like Google that gives a 90-days deadline to the vendor to address the reported issues.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

A ransomware attack disrupted services at Pittsburgh Regional Transit

A ransomware attack on Pittsburgh Regional Transit (PRT) was the root cause of the agency's…

44 minutes ago

A cyber attack hit Japan Airlines delaying ticket sales for flights

A cyberattack hit Japan Airlines (JAL), causing the suspension of ticket sales for flights departing…

5 hours ago

Apache fixed a critical SQL Injection in Apache Traffic Control

Apache Software Foundation (ASF) addressed a critical SQL Injection vulnerability, tracked as CVE-2024-45387, in Apache Traffic…

14 hours ago

BellaCPP, Charming Kitten’s BellaCiao variant written in C++

Iran-linked APT group Charming Kitten has been observed using a new variant of the BellaCiao…

18 hours ago

DMM Bitcoin $308M Bitcoin heist linked to North Korea

Japanese and U.S. authorities attributed the theft of $308 million cryptocurrency from DMM Bitcoin to…

1 day ago

Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code

Adobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC…

2 days ago

This website uses cookies.