Apple zero-day security flaw on iOS 15.0.2's finder is now saying that the Cupertino tech giant released a fix for it without giving him the credit.
As per Bleeping Computer's latest report, the iPhone maker quietly rolled out an update that fixed the zero-day security flaw hiding beneath the iOS 15.0.2 that hackers could infiltrate last Monday, Oct. 11.
A software developer that goes by the name Denis Tokarev found out about the zero-day vulnerability on Apple's iOS 15.0.2 even seven months before the software was released to the stable channel.
Apple Zero-Day Flaw on iOS 15.0.2
The zero-day security flaw that Tokarev discovered could allow the apps that iOS 15 users installed through the official app marketplace of the Cupertino giant, the Apple App Store, to access users' sensitive data.
The bug exploits any protection that the iPhone maker put in place, such as consent and control protections, as well as transparency or sandboxing.
According to TomsGuide, the flaw known as the CVE-2021-30883 vulnerability specifically corrupts the memory in the IOMobileFrameBuffer, allowing third-party apps to execute commands on the devices without any prior permission.
The outlet further noted that bugs such as this do not only expose the sensitive data of vulnerable devices, it also allows attackers to stuff in some malware.
It is to note that Apple also released a fix for the said flaw for the iPadOS 15.0.2.
Apple Zero-Day Flaw Finder Failed To Be Credited
Apple Insider further reported that Tokarev went on to contact Apple after learning that the company already released a fix for the critical security flaw that he discovered. The software developer asked the tech giant about the missing credit to him.
As such, Apple responded to his inquiry, asking the flaw finder to keep the email thread confidential.
Bleeping Computer said in the same report that the Cupertino giant vowed to issue the credit in the upcoming security updates. What's more, the tech giant offered to "apologize for the inconvenience."
Apple Security Flaws and Denis Tokarev
Tokarev also disclosed that he has already reported a total of four security flaws to the iPhone maker.
As of writing, Apple has only released a security patch for two out of four, including one in iOS 14.7 and the latest from iOS 15.0.2.
On the other hand, the other two zero-day vulnerabilities have yet to be fixed by the Cupertino behemoth, telling the software developer that it was "still investigating."
This article is owned by Tech Times
Written by Teejay Boris