Researcher Says Apple Ignored Three Zero-Day Security Vulnerabilities Still Present in iOS 15

In 2019, Apple opened its Security Bounty Program to the public, offering payouts up to $1 million to researchers who share critical iOS, iPadOS, macOS, tvOS, or watchOS security vulnerabilities with Apple, including the techniques used to exploit them. The program is designed to help Apple keep its software platforms as safe as possible.

iPhone 13 Security
In the time since, reports have surfaced indicating that some security researchers are unhappy with the program, and now a security researcher who uses the pseudonym "illusionofchaos" has shared their similarly "frustrating experience."

In a blog post highlighted by Kosta Eleftheriou, the unnamed security researcher said they reported four zero-day vulnerabilities to Apple between March and May of this year, but they said that three of the vulnerabilities are still present in iOS 15 and that one was fixed in iOS 14.7 without Apple giving them any credit.

I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

The person said that, last week, they warned Apple that they would make their research public if they didn't receive a response. However, they said Apple ignored the request, leading them to publicly disclose the vulnerabilities.

One of the zero-day vulnerabilities relates to Game Center and allegedly allows any app installed from the App Store to access some user data:

- Apple ID email and full name associated with it

- Apple ID authentication token which allows to access at least one of the endpoints on *.apple.com on behalf of the user

- Complete file system read access to the Core Duet database (contains a list of contacts from Mail, SMS, iMessage, 3rd-party messaging apps and metadata about all user's interaction with these contacts (including timestamps and statistics), also some attachments (like URLs and texts)

- Complete file system read access to the Speed Dial database and the Address Book database including contact pictures and other metadata like creation and modification dates (I've just checked on iOS 15 and this one inaccessible, so that one must have been quietly fixed recently)

The other two zero-day vulnerabilities that are apparently still present in iOS 15, as well as the one patched in iOS 14.7, are also detailed in the blog post.

Apple has not yet commented on the blog post. We'll update this story if the company responds.

Related Forum: iOS 15

Popular Stories

iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro to Reverse iPhone X Design Decision

Monday July 7, 2025 9:46 am PDT by
Since the iPhone X in 2017, all of Apple's highest-end iPhone models have featured either stainless steel or titanium frames, but it has now been rumored that this design decision will be coming to an end with the iPhone 17 Pro models later this year. In a post on Chinese social media platform Weibo today, the account Instant Digital said that the iPhone 17 Pro models will have an aluminum...
iOS 26 Feature

Everything New in iOS 26 Beta 3

Monday July 7, 2025 1:20 pm PDT by
Apple is continuing to refine and update iOS 26, and beta three features smaller changes than we saw in beta 2, plus further tweaks to the Liquid Glass design. Apple is gearing up for the next phase of beta testing, and the company has promised that a public beta is set to come out in July. Transparency In some apps like Apple Music, Podcasts, and the App Store, Apple has toned down the...
imac video apple feature

Apple Launching These 15+ Products Later This Year

Sunday July 6, 2025 8:05 am PDT by
The calendar has turned to July, meaning that 2025 is now more than half over. And while the summer months are often quiet for Apple, the company still has more than a dozen products coming later this year, according to rumors. Below, we have outlined at least 15 new Apple products that are expected to launch later this year, along with key rumored features for each. iPhone 17 Series iPho...
iphone 16 pro models 1

Here's How the iPhone 17 Pro Max Will Compare to the iPhone 17 Pro

Saturday July 5, 2025 1:00 pm PDT by
Apple should unveil the iPhone 17 series in September, and there might be one bigger difference between the Pro and Pro Max models this year. As always, the Pro Max model will be larger than the Pro model:iPhone 17 Pro: 6.3-inch display iPhone 17 Pro Max: 6.9-inch displayGiven the Pro Max is physically larger than the Pro, it has more internal space, allowing for a larger battery and...
iPhone Car Key Kia

Here's Which Vehicles Offer iPhone Car Keys

Sunday July 6, 2025 3:03 pm PDT by
In 2020, Apple added a digital car key feature to its Wallet app, allowing users to lock, unlock, and start a compatible vehicle with an iPhone or Apple Watch. The feature is currently offered by select automakers, including Audi, BMW, Hyundai, Kia, Genesis, Mercedes-Benz, Volvo, and a handful of others, and it is set to expand further. Apple has a web page with a list of vehicle models that ...
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Will Expand to These 8 U.S. States

Tuesday July 8, 2025 11:26 am PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Unfortunately, this feature continues to roll out very slowly since it was announced in 2021, with only nine U.S. states, Puerto Rico,...
iphone 17 pro render majin bu

New iPhone 17 Pro Renders Highlight Apple Logo and MagSafe Design Changes

Sunday July 6, 2025 8:43 pm PDT by
New renders today provide the best look yet relocated Apple logo and redesigned MagSafe magnet array of the iPhone 17 Pro and iPhone 17 Pro Max. Image via Majin Bu. Several of the design changes coming to the iPhone 17 Pro model have been rumored for some time, such as the elongated camera bump that spans the full width of the device, with the LiDAR Scanner and flash moving to the right side. ...
apple account card feature

Apple Account Card Expanding to More Countries

Tuesday July 8, 2025 7:34 pm PDT by
Apple is expanding the ability to add an Apple Account Card to the Wallet app to more countries, according to backend Apple Pay changes. With iOS 15.5, Apple updated the Wallet app to allow users to add an Apple Account Card, which displays the Apple credit balance associated with an Apple ID. If you receive an Apple gift card, for example, it is added to an Apple Account that is also...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 14 New Features

Friday July 4, 2025 1:05 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are just over two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:Apple logo repositioned: Apple's logo may have a lower position on the back of the iPhone 17 Pro models, compared to previous...

Top Rated Comments

turbineseaplane Avatar
50 months ago

It seems obvious that Apple's software development process is broken, giving almost everything they release a feeling of being incomplete, unreliable, and unnecessarily rushed. Software will never be perfect, but this kind of problem is an unforced error on Apple's part.
What's so frustrating about this is that it's an "own goal".

Apple alone has insisted on this pointless constant march towards an "all new***" iOS version every year, when literally nobody wants that.

We all want features added over time when they are ready, sure. But more than that, people want things to get more polished, more optimized, faster, smoother, better, more well thought out.

Almost all of that is eliminated by forcing a full new version every year. The cycle of "fixing bugs" and "ironing out issues" never completes and then just restarts every Fall. It. Sucks.

iOS (and macOS) need to be "running releases" that get worked on and made better for a 3-4 year run before totally new versions.

They've made a treadmill for themselves and they can't keep up.
Score: 44 Votes (Like | Disagree)
Soba Avatar
50 months ago
It seems obvious that Apple's software development process is broken, giving almost everything they release a feeling of being incomplete, unreliable, and unnecessarily rushed. Software will never be perfect, but this kind of problem is an unforced error on Apple's part.

Apple increasingly looks like a company that is more concerned about image and that is trying to cover up shortcomings through marketing rather than using solid engineering techniques to get the product right.

Tim Cook heads the company and he deserves a lot of flak, but I suspect there are major problems at all levels. Perhaps it's time to clean house.
Score: 41 Votes (Like | Disagree)
GMShadow Avatar
50 months ago
Honestly, good for him.

Apple needs to get their stuff together. It's clear the wheels are coming off the cart under Cook the past few years.
Score: 34 Votes (Like | Disagree)
rickwalder Avatar
50 months ago
Apple’s stance has always been “without us, you are nothing” to devs

wonder if the day will come that apple realizes without devs, they are nothing. Who wants an iPhone without any apps?
Score: 28 Votes (Like | Disagree)
DesertDrummer Avatar
50 months ago
How frustrating. This would be such an easy, valuable PR win for Apple, and it would only increase their security and engagement with the security research community, but they're blowing it. Unfortunately, this is probably a side-effect of Apple's very secretive culture.
Score: 25 Votes (Like | Disagree)
BobSc Avatar
50 months ago

Oh really? Is that "clear"? Are the "wheels coming off the cart"?

Because from my perspective, I see the M1 transition blowing minds. I see Swift turning into a major powerhouse. I see Macs making a major comeback in the marketplace beyond any time in the past 20 years. I see Apple counting stacks.

So which "wheels" are these that you're referring to exactly?
The wheels that are coming off aren't the hardware items you mentioned. It's the attitude. I'm been an apple customer since about 1987. I've purchased tens of thousands of dollars of equipment. The wheels started coming off when apple switched to their insane policy of new OS's every year. That's more important to apple than making sure their hardware and software is as bug free as possible. Apple used to have a customer oriented mentality. That's gone. And in fact the wheels are't even on any more. The number of significant bugs in iOS 15 is proof enough. I used to think that apple could do no wrong. I now wonder if they can do much that is right!
Score: 24 Votes (Like | Disagree)