illusionofchaos
About
- Username
- illusionofchaos
- Joined
- Visits
- 0
- Last Active
- Roles
- member
- Points
- 40
- Badges
- 0
- Posts
- 1
Reactions
-
Apple fails to patch publicly disclosed zero-day flaws with iOS 15.0.1
Thats a bit of an understatement.the zero-day vulnerabilities that persist are not critical, with one pertaining to a bug that could enable maliciously crafted apps to read users' Apple ID information if somehow allowed onto the App Store.- Apple ID email and full name associated with it- Apple ID authentication token which allows to access at least one of the endpoints on *.apple.com on behalf of the user- Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user's interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)- Complete file system read access to the Speed Dial database and the Address Book database including contact pictures and other metadata like creation and modification dates- The vulnerability allows any user-installed app to determine whether any app is installed on the device given its bundle ID.- This makes it possible for any qualifying app (e.g. posessing location access authorization) to gain access to Wifi information without the required entitlement.Read my blog posts for details.