Vratislav Holub Unfortunately, nothing is flawless. Of course, this also applies to Apple products, including its operating systems. Therefore, from time to time some security error appears, which the Cupertino giant usually tries to fix as soon as possible with the next update. At the same time, because of this, in 2019 he opened a program for the public, where he rewards experts with large sums of money who reveal some mistakes and show the process itself. This is how people can earn up to a million dollars per mistake. Even so, there are a number of security zero-day bugs in iOS, for example, that Apple ignores.
It could be interest you
Amaya Toman Risks of zero-day errors
You may be wondering what the so-called zero-day error actually means. It should be noted right away that the designation of the zero day does not completely describe the duration or anything like that. It could simply be said that this is how a threat is described, which is not yet generally known about or for which there is no protection. Such errors then exist in the software until the developer corrects them, which, for example, can take years if they don't even know about something similar.
Check out the beauties of the new iPhone 13 series:
Gallery
Apple knows about such bugs, but does not fix them
Recently, quite interesting information has surfaced, which was shared by an anonymous security expert, primarily pointing to the dysfunctionality of the mentioned program, where people are supposed to receive a reward for discovering the error. This fact has now been pointed out by the well-known Apple critic Kosta Eleftheriou, who we wrote about on Jablíčkář a few days ago in connection with his conflict with Apple. But let's go back to the security flaws themselves. The aforementioned expert reportedly reported four zero-day errors between March and May this year, and it could therefore be expected that in the current situation they will all be fixed.
🚨Apple ignored this person. Now they're publishing multiple proofs-of-concepts:
“I've reported four 0-day vulnerabilities this year […], three of them are still present in [iOS 15.0] and one was fixed in 14.7, but Apple decided to cover it up”🤯https://t.co/eKzq6BEupG
- Kosta Eleftheriou (@keleftheriou) September 24, 2021
But the opposite is true. Three of them can still be found in the latest version of iOS 15, while Apple fixed the fourth in iOS 14.7, but did not reward the expert for his help. The group behind the discovery of these flaws reportedly contacted Apple last week, saying that if they don't get a response, they will publish all of their findings. And since there was no response, so far errors in the iOS 15 system were also revealed.
One of these bugs is related to the Game Center feature and allegedly allows any installed app from the App Store to access some user data. Specifically, this is his Apple ID (email and full name), Apple ID authorization token, access to the contact list, messages, iMessage, third-party communication applications and others.
How will the situation develop further?
Since all the security flaws have been published, we can only expect one thing - that Apple will want to sweep everything under the carpet as quickly as possible. For this reason, we can count on early updates that will solve these ailments in some way. But at the same time, it shows how Apple actually deals with people sometimes. If it is true that the expert(s) reported the errors several months ago and nothing has happened so far, then their frustration is quite understandable.
