ADVERTISEMENT

Apple ignores multiple security issues on iOS 15, researcher claims

apple unlock
Paulius Masiliauskas
Paulius Masiliauskas Content Lead
Sep 25, 2021 Updated: 9 June 2022 2 min read
  • The reserarcher has discovered four vulnerablities of iOS releases
  • Apple fixed one of the issues, with other three still in the wild
  • Apple has not disclosed information about any of the issues on their security content pages

What vulnerabilities are they?

Gamed 0-day

  • Apple ID email and full name associated with it
  • Apple ID authentication token allowing to access at least one endpoint with *.apple.com on behalf of the user
  • Complete file system read access to the Core Duet database (contains Mail, SMS, iMessage, 3rd-party messaging apps contact list and metadata about all user's interaction with these contacts, as well as some attachments
ADVERTISEMENT

Nehelper Enumerate Installed Apps 0-day

Nehelper Wifi Info 0-day

Analyticsd

  • Medical information (heart rate, detected irregular heart activity events)
  • Personal health information (menstrual cycle, age, whether user is logging sexual activity and cervical mucus quality, etc.)
  • Device usage information (push notification count, user activity with them, device pickups in different contexts)
  • Screen time information (including session count for all applications)
  • Device accessory info (including manufacturer, model, firmware information)
  • General browsing info (application crash and Safari web page language info)

No response from Apple

ADVERTISEMENT