Apple's iOS 15 update supposedly includes several zero-day exploits despite security expert's warning
Earlier this week, Apple released a major update for its mobile operating system iOS, which has now reached version number 15. Among numerous exciting changes and features, not all of which have made it to older iDevices, the update purportedly also includes several significant security flaws that could compromise user data on iPhones and iPads. The source of these allegations is an anonymous security researcher who participates in Apple's security bounty program which pays up to US$1 million for the discovery of previously unknown vulnerabilities in Apple's software.
According to MacRumors, the anonymous security expert reported four security flaws in iOS in the time period between March and May of 2021. Apparently only one of these exploits has been fixed with the iOS 14.7 update, but the tipster supposedly did not receive any kind of feedback or even compensation from Apple for his discovery. Even more troublesome is the allegation that three of these security vulnerabilities are still included in Apple's most recent iOS 15 update.
One of these exploits appears to be related to Apple's Game Center, in which the security researcher has found an exploit that allows any installed app to access user data on the device, which in fact sounds like a critical loophole. However, it remains unclear whether these allegations are justified, or if the disgruntled researcher is looking for a way to discredit Apple after not receiving the expected payout for his participation in the bounty program. The Cupertino-based iPhone maker usually has a very commendable approach regarding the issuance of security updates, like the recent release of iOS 12.5.5 for older devices like the iPhone 6 Plus (from US$181 on Amazon) illustrates.
MacRumors, Image: Apple