Authored by IllusionOfChaos

Zero day exploit for Nehelper Wifi Info on iOS 15.0. The XPC endpoint accepts a user-supplied parameter, sdk-version, and if its value is less than or equal to 524288, the entitlement check is skipped. Any qualifying application (e.g. one possessing location access authorization) can therefore gain access to Wi-Fi information without the required entitlement. The skip happens in -[NEHelperWiFiInfoManager checkIfEntitled:] in /usr/libexec/nehelper.
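
A simplified C model of the flaw described above, next to a hardened form, added here as an illustration; it is not the nehelper code or the author's exploit. The struct, field and function names are hypothetical, and the "qualifying application" condition is modelled as a single location flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SDK_VERSION_CUTOFF 524288u /* 0x80000, the threshold quoted above */

/* Constructed model of one request; all field names are hypothetical. */
struct wifi_info_request {
    /* Facts the service establishes itself about the connecting process. */
    bool peer_has_entitlement;   /* required entitlement is present */
    bool peer_location_allowed;  /* e.g. location access authorization */
    /* Value copied from the message body: fully controlled by the caller. */
    uint32_t claimed_sdk_version;
};

/* Flawed pattern: a caller-supplied value decides whether the check runs. */
bool check_if_entitled_flawed(const struct wifi_info_request *r)
{
    if (!r->peer_location_allowed)
        return false;
    if (r->claimed_sdk_version <= SDK_VERSION_CUTOFF)
        return true;                 /* entitlement check skipped */
    return r->peer_has_entitlement;
}

/* Hardened pattern: authorization uses only service-established facts. */
bool check_if_entitled_hardened(const struct wifi_info_request *r)
{
    return r->peer_location_allowed && r->peer_has_entitlement;
}

int main(void)
{
    /* Constructed sample: unentitled app that has location access. */
    struct wifi_info_request r = { false, true, SDK_VERSION_CUTOFF };
    printf("flawed=%d hardened=%d\n",
           check_if_entitled_flawed(&r), check_if_entitled_hardened(&r));
    return 0;
}
```

The hardened form never reads the claimed SDK version when deciding access, so no value placed in the message can change the outcome.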