A researcher claimed to have found a remote code execution exploit that could allow an attacker to wipe an iPhone or iPad running any iOS version up to iOS 15 — but Apple says the claim is bogus.
Twitter user @RobertCFO posted on Wednesday that he had found a bug that would enable a high-level, proximity-based Bluetooth LE exploit to remotely wipe iPhones and iPads without any access to the devices. He also stated that he would provide a proof of concept at a later date.
POC? RCE up to 15.0.X ~ High level proximity based Bluetooth LE exploit to remote wipe iDevices based on proximity alone! No physical device access.
In short can put a laptop in a backpack and ride a bike in a city wiping iPhones 🙂
POC date tbd #iOS #iOS15 #iosrce pic.twitter.com/CD7cj9Bna7
— Robert (@RobertCFO) October 13, 2021
Included in the tweet is a screenshot of an email exchange he says he had with a member of Apple’s Product Security Team. In the screenshot, the team member acknowledges the issue and states that it will be resolved in iOS 15.1, which the Apple representative said will roll out the week of Monday, October 25 — the week after Apple’s “Unleashed” event.
Apple also allegedly asked Robert to keep the email and the details of the exploit confidential until the patches were released to users.
Update: Apple has reached out to clarify that it has no record of any interaction between the alleged researcher and an Apple Security Bounty team member, leading the company to believe that this interaction has been spoofed. The company also notes that Apple does not include specific dates for upcoming software releases.