Apple Failed Its Security Issues Again
- 30 Sep 2021
Fresh iOS 15 has multiple security bugs revealed by independent researchers. Though security engineers reported about these issues back in March, the latest OS, released on September 20, 2021, came to the users with many of these flaws.
According to the security researchers, it seems that Apple is not so interested in its protection problems as it pretends to be. Apple Security Bounty is a program rewarding independent researchers who find vulnerabilities. It gives open access to how much you’ll be paid after revealing particular bugs so that many software engineers are financially stimulated to test Apple to the fullest. They are likely to have a lot of work ahead because all the latest iOS versions contain more or less serious security flaws. These bugs are constantly reported to Apple, but the company doesn’t seem to react as it should.
The case of iOS 15.0 vulnerabilities confirms that. A security researcher dubbed illusionofchaos reported several 0-day vulnerabilities to Apple in March 2021. The reason was in the Apple Store that gave access to user’s data, including Apple ID, to many installed apps. The app did it without the user’s permission. These and some other security issues were described and sent to Apple. Even though most of them were not included in the security content list and were presented in 3 next OS releases, iOS 15 still has these flaws.
The revealed vulnerabilities weren’t mentioned on the security list of iOS 15, though illusionofchaos had requested Apple to fix them several times before and a week earlier the release. Consequently, illusionofchaos shared this literally “frustrating” experience on a blog and admitted that many of his colleagues hadn’t received any attention, too. Apple replied only on the 25th of September, the next day after the post was published. They are still investigating these issues.
Thus, we better start reading Apple security rules now. It’s a good idea to keep track of what the app you download “wants to know.” What do you think about the reliability of Apple security? Should we completely trust it or not? Which measures would you like to be provided to protect your data? Share your thoughts in the comments below.