fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Researcher Drops Three iOS Zero-days That Apple Refused To Fix

Researcher Drops Three iOS Zero-days That Apple Refused To Fix

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher.

The unknown researcher who found the four zero-days reported them to Apple between March 10 and May 4. However, the company silently patched one of them in July with the release of 14.7 without giving credit in the security advisory.

“When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update,” the researcher said earlier today. “There were three releases since then and they broke their promise each time.”

Also Read: 5 Self Assessment Tools To Find The Right Professional Fit

“Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience,” Apple told him when asked why the list of fixed iOS security bugs didn’t include his zero-day.https://www.ad-sandbox.com/static/html/sandbox.html

Since then, all attempts made to get an explanation for Apple’s failure to fix the rest of these unpatched vulnerabilities and for their refusal to credit them were ignored even though more security advisories, for iOS 14.7.1, iOS 14.8, and iOS 15.0, have since been published.

An Apple spokesperson was not available for comment when BleepingComputer reached out for more details.

PoC exploit code published on GitHub

After Apple refused to respond to explanation requests, today the researcher published proof-of-concept exploit code for all four iOS zero-days he reported on GitHub, together with apps that harvest sensitive information and displays it in the user interface:

  • Gamed 0-day (iOS 15.0): Bug exploitable through user-installed apps from App Store and giving unauthorized access to sensitive data normally protected by a TCC prompt or the platform sandbox ($100,000 on the Apple Security Bounty Program page):
    • Apple ID email and full name associated with it
    • Apple ID authentication token which allows accessing at least one of the endpoints on *.apple.com on behalf of the user
    • Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user’s interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)
    • Complete file system read access to the Speed Dial database and the Address Book database, including contact pictures and other metadata like creation and modification dates (I’ve just checked on iOS 15, and this one is inaccessible, so that one must have been quietly fixed recently)
  • Nehelper Enumerate Installed Apps 0-day (iOS 15.0): Allows any user-installed app to determine whether any app is installed on the device given its bundle ID.
  • Nehelper Wifi Info 0-day (iOS 15.0): Makes it possible for any qualifying app (e.g., possessing location access authorization) to gain access to Wifi information without the required entitlement.
  • Analyticsd (fixed in iOS 14.7): Allows any user-installed app to access analytics logs:
    • medical information (heart rate, count of detected atrial fibrillation and irregular heart rhythm events)
    • menstrual cycle length, biological sex and age, whether the user is logging sexual activity, cervical mucus quality, etc.
    • device usage information (device pickups in different contexts, push notifications count and user’s action, etc.)
    • screen time information and session count for all applications with their respective bundle IDs
    • information about device accessories with their manufacturer, model, firmware version, and user-assigned names
    • application crashes with bundle IDs and exception codes
    • languages of web pages that users viewed in Safari

Exploit code confirmed to work on 15.0

Apple did not reply to BleepingComputer’s email to validate any of the researcher’s claims.

However, software engineer Kosta Eleftheriou confirmed that the app designed to exploit Gamed zero-day and harvest sensitive user information works on iOS 15.0, the latest iOS version.

“All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected,” the researcher said, referring to the analyticsd zero-day silently patched in iOS 14.7.

“That’s why it’s very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if ‘Share analytics’ was turned off in settings.

“My actions are in accordance with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities in 90 days after reporting them to vendor, ZDI – in 120). I have waited much longer, up to half a year in one case,” the researched added.

Also Read: Website Ownership Laws: Your Rights And What These Protect

Other security researchers and bug bounty hunters have also gone through a similar experience when reporting vulnerabilities to Apple’s product security team via the Apple Security Bounty Program.

Just this year, some of them have reported that they weren’t paid the amount listed on the official bounty page [12] or haven’t received any payment at all, others that they have been kept in the dark for months on end with no replies to their messages.

Others have also said their bugs were silently fixed with Apple refusing to give them credit, just as it happened in this case.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us