AppleInsider is supported by its audience and may earn commissions as an Amazon Associate and affiliate on qualified purchases. These affiliate partnerships do not affect our editorial content.
A researcher discovered and reported a remote exploit of code execution that could allow a hacker to delete iPhone and iPad devices running all iOS versions up to iOS 15, even though Apple says the claim is false.
Twitter user @RobertCFO announced on Wednesday that he had allegedly found a bug that would allow a user to use a high-level Bluetooth LE utility to remotely delete iPhones and iPads without access to the devices. The user also states that he will later present proof of concept.
POC? RCE up to 15.0.X ~ High Level Proximity-Based Bluetooth LE Utility for Remote Proximity Removal of iDevices Only! No physical device access.
In short, can put a laptop in a backpack and bike in a city and dry iPhones 🙂
– Robert (@RobertCFO) October 13, 2021
Included in the tweet is a screenshot of an email exchange he had with a member of Apple’s product security team. The team member acknowledges the issue and states that it will be resolved in iOS 15.1, as the Apple representative said it will be launched the week of Monday, October 25 – the week after Apple’s “Unleashed” event.
Apple has also reportedly asked Robert to keep the email and exploitation information confidential until patches were released to users.
Update: Apple has reached out to clarify that they have no record of any interaction between the alleged researcher and an Apple Security Bounty team member, which led Apple to believe that this interaction has been forged. The representative also notes that Apple does not include specific dates for upcoming software releases.