A security researcher published the details of three vulnerabilities that affect up-to-date iPhones, which could be used by a malicious app to gather personal information.
The researcher, who goes by Illusionofchaos, published the details in a blog post on Thursday, and he also published on GitHub the source code for exploits that take advantage of those vulnerabilities.
The blog post and the source code give other security researchers—as well as malicious hackers—the ability to reproduce the unpatched vulnerabilities and exploit them, according to other researchers who have analyzed the disclosed bugs.
Illusionofchaos wrote that he decided to go public to share his "frustrating experience participating in Apple Security Bounty program."
"I've reported four zero-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update," they wrote in the blog post. "There were three releases since then and they broke their promise each time. Ten days ago I asked for an explanation and warned then that I would make my research public if I don't receive an explanation. My request was ignored so I'm doing what I said I would."