fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple Silently Fixes iOS Zero-day, Asks Bug Reporter To Keep Quiet

Apple Silently Fixes iOS Zero-day, Asks Bug Reporter To Keep Quiet

Apple has silently fixed a ‘gamed’ zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.

The company addressed the bug without acknowledging or crediting software developer Denis Tokarev for the discovery even though he reported the flaw seven months before iOS 15.0.2 was released.

Failures to credit bug reports

In July, Apple also silently patched an ‘analyticsd’ zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to acknowledge his report in security advisories for an upcoming update.

Since then, Apple published multiple security advisories (iOS 14.7.1, iOS 14.8, iOS 15.0, and iOS 15.0.1) addressing iOS vulnerabilities but, each time, they failed to credit his analyticsd bug report.

Also Read: Top 8 Main PDPA Obligations To Boost And Secure Your Business

“Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience,” Apple told him when asked why the list of fixed iOS security bugs didn’t include his zero-day.

Two days ago, after iOS 15.0.2 was released, Tokarev emailed again about the lack of credit for the gamed and analyticsd flaws in the security advisories. Apple replied, asking him to treat the contents of their email exchange as confidential.

This wouldn’t be the first time Apple’s security team asked for confidentiality: the first time happened in August when he was told the gamed zero-day would be fixed in a future security update and urged not to disclose the bug publicly.

“All things considered, they treat gamed vulnerability a bit better that analyticsd, at least they don’t ignore me and lie to me this time,” Tokarev told BleepingComputer.

Other bug bounty hunters and security researchers have also reported having similar experiences when reporting vulnerabilities to Apple’s product security team via the Apple Security Bounty Program.

Some said bugs reported to Apple were silently fixed, with the company failing to give them credit, just as it happened in this case.

Others weren’t paid the amount listed on Apple’s official bounty page [12] or haven’t received any payment at all, while some have been kept in the dark for months on end with no replies to their emails.

Two zero-days left to (silently) patch

In total, Tokarev found four iOS zero-days and reported them to Apple between March 10 and May 4. In September, he published proof-of-concept exploit code and details on all iOS vulnerabilities after the company failed to credit him after patching the gamed zero-day in July.

Also Read: 5 Tips In Using Assessment Tools To A Successful Businesses

If attackers would successfully exploit the four vulnerabilities on unpatched iOS devices (i.e., iPhones and iPads), they could gain access and harvest Apple ID emails, full names, Apple ID authentication tokens, installed apps info, WiFi info, and analytics logs (including medical and device  information).

The complete list of iOS zero-days reported by Tokarev includes:

  • Gamed 0-day (fixed in iOS 15.0.2): Bug exploitable through user-installed apps from App Store and giving unauthorized access to sensitive data normally protected by a TCC prompt or the platform sandbox ($100,000 on the Apple Security Bounty Program page)
  • Nehelper Enumerate Installed Apps 0-day (iOS 15.0): Allows any user-installed app to determine whether any app is installed on the device given its bundle ID.
  • Nehelper Wifi Info 0-day (iOS 15.0): Makes it possible for any qualifying app (e.g., possessing location access authorization) to gain access to Wifi information without the required entitlement.
  • Analyticsd (fixed in iOS 14.7): Allows any user-installed app to access analytics logs.

“We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you,” Apple told Tokarev 24 hours after publishing the zero-days and the exploit code on his blog.

“We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance.”

Apple has also fixed a second zero-day vulnerability in iOS 15.0.2 and iPadOS 15.0.2, actively exploited in the wild to target iPhones and iPads.

This bug, tracked as CVE-2021-30883, is a critical memory corruption flaw in the IOMobileFrameBuffer, allowing malicious applications to execute commands on vulnerable devices with kernel privileges.

Apple has not replied to emails BleepingComputer sent since September 24, asking for an official statement and more details.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us