Cybersecurity specialist under the pseudonym illusionofchaos reported three vulnerabilities in iOS for iPhone, including those available in the latest version of the operating system. Gaps in the system allow you to obtain personal information, such as contacts and photos of people from your address book. The person who reported the vulnerabilities publicly posted the code demonstrating them: he said that he did it, since Apple did not fix the problems for six months.
“Apple was notified of all the vulnerabilities described in the article between March 10 and May 4, Apple’s acceptance responses came the next day after each notification … As of September 24, I haven’t received a response, due to than I publish this article, “- said illusionofchaos on his blog on Habr.
The first vulnerability, working in iOS 15, allows access to the Apple ID address, all data from the address book and the time of interaction with each of the contacts. Two other vulnerabilities allow you to determine if a particular application is installed on the iPhone and obtain information about the Wi-Fi hotspot. The researcher noted that another vulnerability related to the collection of analytics was fixed in iOS 14.7, but Apple did not report this either in the correspondence or in the description of the update.
iOS 15 was released on September 20 along with new systems for the iPad and Apple Watch. A few days before the release of the new version, the company released an update to the old one to close the vulnerability exploited by the Pegasus spyware. Apple yesterday rolled out a similar update to older devices, notably the iPhone 5S and 6.
.