The finder of the Apple zero-day security flaw on iOS 15.0.2 is now saying that the Cupertino tech giant released a fix for it without giving him the credit.


As per Bleeping Computer's latest report, the iPhone maker quietly rolled out an update last Monday, Oct. 11, that fixed the zero-day security flaw hiding beneath iOS 15.0.2, which hackers could exploit.

A software developer who goes by the name Denis Tokarev found out about the zero-day vulnerability on Apple's iOS 15.0.2 seven months before the software was released to the stable channel.

Apple Zero-Day Flaw on iOS 15.0.2

The zero-day security flaw that Tokarev discovered could allow the apps that iOS 15 users installed through the official app marketplace of the Cupertino giant, the Apple App Store, to access users' sensitive data.

The bug bypasses the protections that the iPhone maker put in place, such as consent and control protections, as well as transparency and sandboxing.

According to TomsGuide, the flaw, tracked as CVE-2021-30883, specifically corrupts memory in the IOMobileFrameBuffer, allowing third-party apps to execute commands on the devices without any prior permission.

The outlet further noted that bugs such as this not only expose the sensitive data of vulnerable devices but also allow attackers to install malware.

It is worth noting that Apple also released a fix for the said flaw in iPadOS 15.0.2.

Apple Zero-Day Flaw Finder Failed To Be Credited

Apple Insider further reported that Tokarev contacted Apple after learning that the company had already released a fix for the critical security flaw that he discovered. The software developer asked the tech giant why he had not been credited.

Apple responded to his inquiry, asking the flaw finder to keep the email thread confidential.

Bleeping Computer said in the same report that the Cupertino giant vowed to issue the credit in upcoming security updates. What's more, the tech giant offered to "apologize for the inconvenience."

Apple Security Flaws and Denis Tokarev

Tokarev also disclosed that he has reported a total of four security flaws to the iPhone maker.

As of writing, Apple has released security patches for only two of the four: one in iOS 14.7 and the latest in iOS 15.0.2.

The other two zero-day vulnerabilities have yet to be fixed by the Cupertino behemoth, which told the software developer that it was "still investigating."

Written by Teejay Boris
