Date: 2021-09-25



The iPhone has faced more and more serious threats in recent months, but now owners are at risk of a new triple threat, and Apple seems to be responsible for all three.

In a shocking new blog post, an anonymous security researcher uncovers three zero-day flaws in iOS 14 and iOS 15 that put millions of iPhones around the world in imminent danger. But there’s a twist: the researcher says all of them were reported to Apple a few months ago, claims that the company refused to act, and says the details were published only to force Apple to take action.

“We reported four zero-day vulnerabilities between March 10th and May 4th this year. Currently three are in the latest iOS version (15.0) and one was fixed in 14.7, but Apple has decided to cover it up and not list it on the security content page,” explains a researcher who published under the pseudonym illusionofchaos. “When I confronted them, they apologized, assured me that it happened due to a processing issue, and promised to list it on the security content page for the next update. Since then, there have been three releases, each breaking my promise.”

Explaining his decision to expose all of the zero-day flaws, the researcher writes:

“We asked for clarification 10 days in advance and warned that the study would be published if there was no clarification. My request was ignored, so I’m doing what I say. My behavior complies with Responsible Disclosure Guidelines (Google Project Zero will disclose the vulnerability to ZDI within 90 days of reporting the vulnerability to the vendor (120 years)). I’ve been waiting a long time, but in one case it was up to half a year.”

The researcher also points out that he is not alone in being treated this way.

Apple iOS 15 is vulnerable to three new zero-day exploits.

Marco Arment, creator of Instapaper and Overcast and former CTO of Tumblr, commented on the revelation in a tweet and was very critical of Apple: “Security relations are developer relations. What does it take to change their entire culture of how Apple treats external developers?” As an example, he focuses on one of the new zero-day flaws and comments:

“Click to see the Game Center exploits in particular. That’s rough. This is unlikely to slip through a gap in a working security program. Instead, at Apple, that’s the norm. It’s broken so deeply, but nothing changes. What is needed?”

Apple fans therefore have two concerns. The first is the imminent threat that this trio of zero-day hacks will be released into the wild. The second is the fear that this is just the tip of the iceberg: that more researchers are being ignored, and that even more unfixed zero-day defects are allowed to exist in the wild for months at a time.

Apple has long established itself as a privacy and security champion. The former has been brutally dismantled in recent months, and Apple needs to work hard to maintain its reputation in the latter.

I will contact Apple and update this post if there is a response.

