A security expert has issued a serious warning that, if right, puts millions of iPhones at risk due to a zero-day flaw, and it is claimed that Apple has ignored the threats.
The issues, which have been revealed to Apple, expose three zero-day flaws that exist in iOS 14 and iOS 15. They are so bad that they place iPhones in immediate danger, claims an anonymous security expert.
“I’ve reported four 0-day vulnerabilities this year between March 10 and May 4 to Apple, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page,” explains the researcher, who published under the pseudonym illusionofchaos.
“When I confronted them (Apple) they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.”
He went on to claim: “Ten days ago I asked for an explanation and warned them that I would make my research public if I don’t receive an explanation. My request was ignored so I’m doing what I said I would. My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120). I have waited much longer, up to half a year in one case.”
According to Forbes, Marco Arment, creator of Instapaper and Overcast and former CTO of Tumblr, was hugely critical of Apple, tweeting: “What will it take for Apple to change their entire CULTURE of how they treat outside developers?” As an example, he focuses on one of the new zero-day flaws.
He added: “Click through to see the Game Center exploit in particular. It’s rough. Things like this should almost never slip through the cracks with a functioning security program… with Apple, it’s commonplace. That’s so deeply broken, yet nothing changes. What will it take?”
For Apple fans the concerns are twofold. Firstly, there is the immediate threat of zero-day hacks and the fear that this is just the tip of the iceberg, with researchers being ignored and many more unfixed zero-day flaws being allowed to exist in the iPhone ecosystem for months at any given time.