Disgruntled Researcher Publicly Disclosed Three iOS Zero-Day Bugs As Apple Delayed Patches

Annoyed after the slow response from Apple, a researcher has publicly dropped three iOS zero-day bugs with serious impact. Apple has recently confirmed to investigate the bugs in detail. But it seems the patches may not arrive anytime soon.

Three iOS Zero-Day Bugs Disclosed

A disgruntled researcher Denis Tokarev found three zero-day bugs affecting iOS devices. The researcher, mainly a software developer, discovered the vulnerabilities earlier this year.

Explaining the bugs in a blog post, the researcher stated that the following issues even affect the latest iOS 15.

  • Gamed 0-day: Any app downloaded from the App Store can access sensitive user data without generating prompts. According to the researcher, the data accessed this way includes users’ Apple email ID and full name, Apple ID authentication token for apple.com endpoints, and complete file system read access to important databases. These include access to Core Duet database containing contact list, users’ metadata of interactions with the contacts, Speed Dial database, and Address Book database.
  • Nehelper Enumerate Installed Apps 0-day: Any app installed on the device can check for the presence of other apps via the bundle ID. That’s because of a vulnerability in the XPC endpoint com.apple.nehelper.
  • Nehelper Wifi Info 0-day: Due to a vulnerability in the XPC endpoint com.apple.nehelper, any app could access WiFi details of the device. As described by the researcher,

XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, com.apple.developer.networking.wifi-info entitlement check is skipped.

According to Tokarev, alongside these three bugs, the researcher also found another vulnerability that Apple quietly patched without acknowledgment. The researcher noticed the issue received a fix with iOS 14.7.

  • Analyticsd: This issue allowed any app to access analytics logs that may include sensitive information such as medical details, device usage details, screen time and apps’ sessions data, and more. Tokarev also pointed out the absurdity of such extensive data collection by Apple that risks users’ privacy.

Apple Assured To Patch Soon

Despite promising to mention the patched vulnerability in subsequent security advisories and fixing the unpatched flaws, Apple failed to do any of these.

Hence, the disappointed researcher decided to disclose his findings publicly.

Nonetheless, 24 hours after the publication surfaced online, Apple again promised a fix. As per its statement,

We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you.
We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance.
Please let us know if you have any questions.

Keeping aside Apple’s vague handling of this matter, what matters the most is for users to remain cautious. As the bugs haven’t received any fixes yet (nor does it seem to happen anytime soon), users must remain very careful regarding what apps they install and use to avoid giving unnecessary detail to any unwanted app.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients