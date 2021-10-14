



In iOS 15.0.2, Apple has quietly patched a zero-day vulnerability that could give apps access to sensitive information, but the researcher who discovered the flaw was reportedly not credited.

The vulnerability was discovered by software developer Denis Tokarev seven months before the release of iOS 15.0.2. In September, Tokarev wrote a blog post detailing some of his interactions with Apple's Bug Bounty Program, including the fact that he was not credited for another flaw that had been fixed.

According to Bleeping Computer, Tokarev contacted Apple after the release of iOS 15.0.2 to inquire about the lack of credit. Apple replied by asking him to keep the contents of the email exchange confidential.

The flaw was an exploitable bug that could give user-installed apps from the App Store unauthorized access to sensitive data that is normally protected by sandboxing or by Transparency, Consent, and Control (TCC) protections. According to Apple, flaws of this kind are worth up to $100,000 in bounties.

In total, Tokarev has reported four vulnerabilities to Apple. The company fixed one of them in iOS 14.7 and another in iOS 15.0.2. The other two zero-day flaws are still present in the latest version of iOS 15. Apple said in September that they were “still under investigation.”

This isn’t the first time security researchers have complained about Apple’s bug bounty program. Back in September, a report shed light on complaints that security researchers were being ignored, distrusted, or left unpaid.

For its part, Apple has characterized the bug bounty program as a “runaway success.” It said it works quickly to correct any mistakes it makes.

