![\"Privacy](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/09\/privacy-thats-iphone-billboard-with-laughing-man-600x300-1.jpg\")
<\/p>\n<\/p>\n
An iOS security researcher has publicly disclosed<\/a> three zero-day vulnerabilities in Apple’s mobile operating systems\u2014and a fourth that is unmitigated in iOS 15.<\/p>\n The researcher, who went by the pseudonym “illusionofchaos” in their disclosure, stated that they had privately reported these vulnerabilities to Apple months ago. Since Apple has failed to fix the issues within a reasonable timeframe, the researcher decided to take the details public.<\/p>\n Full public disclosure is a two-edged sword. Although it potentially puts users at risk from malicious developers learning about and implementing these techniques, it also pushes Apple to quickly patch the issues. Given the possibility that malicious developers might have already discovered and used these techniques without anyone’s awareness, one can begin to understand why public disclosure might seem like a practical option after Apple seemingly ignored the vulnerabilities for months.<\/p>\n So just how bad are these vulnerabilities? All four are “information disclosure” issues, meaning that a malicious developer could potentially leverage them to obtain sensitive information about a user without their knowledge or permission. Following is a brief summary of each of the four issues, which affect both iOS devices (iPhone and iPod touch) as well as iPadOS devices (iPad).<\/p>\n The Game Center process\u2014formally known as The researcher notes that access to the Speed Dial and Address Book databases were evidently revoked silently in iOS 15. However, the other issues remain.<\/p>\n The Network Extension helper XPC service\u2014 Although this vulnerability may not sound like a big deal, it could actually reveal plenty of things about users that they would not knowingly reveal about themselves to app developers. For example, simply knowing which apps you have installed could reveal your sexual preferences (based on dating apps you have installed), your political or religious views, which bank or credit union you use, where you work or go to school, where you shop or travel, and much more.<\/p>\n The same service also has a vulnerability that could reveal information about the Wi-Fi network to which you are connected. This can include both the name of the network (SSID) as well as the unique BSSID MAC address of your Wi-Fi router.<\/p>\n Searchable databases of BSSIDs are easy to find online. If someone can find out your BSSID, they can pinpoint precisely where you are on earth (within the radius of that particular Wi-Fi network’s range).<\/p>\n The fourth vulnerability was fixed back in iOS 14.7, but Apple never publicly acknowledged this.<\/p>\n However, illusionofchaos says that the vulnerability has returned in iOS 15.<\/strong> (Intego reported earlier this week that iOS 15 seems to be missing patches for two in-the-wild vulnerabilities<\/a><\/strong> that were addressed a week earlier in iOS 14.8. It may be advisable to stay on the latest iOS 14 update until Apple addresses these issues in a future release of iOS 15.)<\/p>\n The vulnerability is that any app<\/strong> can access all<\/strong> of the Analytics Data that Apple collects about you on your device. Apple stores these analytics logs even if you have “Share iPhone & Watch Analytics” disabled. You can see the very long list of Analytics Data files on your own iOS or iPadOS device by going to Settings > Privacy > Analytics & Improvements > Analytics Data<\/strong>.<\/p>\n The researcher notes that this Analytics Data can include sensitive information about the user, including but not limited to:<\/p>\n Again, since this particular issue is fixed in iPadOS and iOS 14.8, it may be best to wait to upgrade to iPadOS or iOS 15<\/strong> until Apple fixes this for the latest operating system as well.<\/p>\n The other three vulnerabilities, however, remain zero-day issues\u2014unpatched regardless of which iOS or iPadOS version you have installed.<\/p>\n For the full details, you can read illusionofchaos’s full disclosure posts in English<\/a> and Russian<\/a>.<\/p>\n Be sure to follow Intego on your favorite social media channels: Facebook<\/a>, Instagram<\/a>, Twitter<\/a>, and YouTube<\/a> (click the \ud83d\udd14 to get notified about new videos).<\/p>\n","protected":false},"excerpt":{"rendered":" An iOS security researcher has publicly disclosed three zero-day vulnerabilities in Apple’s mobile operating systems\u2014and a fourth that is unmitigated in iOS 15. The researcher, who went by the pseudonym “illusionofchaos” in their disclosure, stated that they had privately reported these vulnerabilities to Apple months ago. Since Apple has failed to fix the issues within […]<\/p>\n","protected":false},"author":14,"featured_media":94566,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[13],"tags":[4627,143,982],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\n\t\n\t\n\t\nThe “gamed” zero-day<\/h3>\n
com.apple.gamed<\/code> or just gamed\u2014can be exploited by any App Store app to obtain the following information about the user:<\/p>\n\n
The “nehelper enumerate installed apps” zero-day<\/h3>\n
com.apple.nehelper<\/code> or nehelper\u2014contains a vulnerability that allows any app to identify which other apps are installed on the device, determined by the apps’ bundle ID.<\/p>\nThe “nehelper Wi-Fi info” zero-day<\/h3>\n
The analyticsd vulnerability (unmitigated in iOS 15)<\/h3>\n
\n
How can I learn more?<\/h3>\n
![\"\"](\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2021\/04\/intego-podcast-artwork-400.jpg\")
<\/a>We’ll discuss these vulnerabilities on an upcoming episode of the Intego Mac Podcast<\/strong><\/a>. Be sure to follow the podcast<\/a> to make sure you don\u2019t miss any episodes! You\u2019ll also want to subscribe to our e-mail newsletter<\/strong> and keep an eye here on The Mac Security Blog<\/strong> for the latest Apple security and privacy news.<\/p>\n