The finder of an Apple zero-day security flaw patched in iOS 15.0.2 is now saying that the Cupertino tech giant released a fix for it without giving him the credit.

Apple Zero-Day Flaw on iOS 15.0.2 Finder Reveals Company Fails to Credit Him

According to Bleeping Computer's latest report, the iPhone maker quietly rolled out an update last Monday, Oct. 11, that fixed the zero-day security flaw in iOS 15.0.2 that hackers could exploit.

A software developer who goes by the name Denis Tokarev found out about the zero-day vulnerability on Apple's iOS 15.0.2 seven months before the software was released to the stable channel.

Apple Zero-Day Flaw on iOS 15.0.2

The zero-day security flaw that Tokarev discovered could allow the apps that iOS 15 users installed through the official app marketplace of the Cupertino giant, the Apple App Store, to access users' sensitive data.

The bug bypasses the protections that the iPhone maker put in place, such as consent and control protections, as well as transparency and sandboxing.

According to Tom's Guide, the flaw, known as the CVE-2021-30883 vulnerability, specifically corrupts the memory in IOMobileFrameBuffer, allowing third-party apps to execute commands on the devices without any prior permission.

The outlet further noted that bugs such as this not only expose the sensitive data of vulnerable devices but also allow attackers to install malware.

Note that Apple also released a fix for the same flaw in iPadOS 15.0.2.

Apple Zero-Day Flaw Finder Failed To Be Credited

Apple Insider further reported that Tokarev contacted Apple after learning that the company had already released a fix for the critical security flaw that he discovered. The software developer asked the tech giant why he had not been credited.

Apple responded to his inquiry, asking the flaw finder to keep the email thread confidential.

Bleeping Computer said in the same report that the Cupertino giant vowed to issue the credit in the upcoming security updates. What's more, the tech giant offered to "apologize for the inconvenience."

Apple Security Flaws and Denis Tokarev

Tokarev also disclosed that he has already reported a total of four security flaws to the iPhone maker.

As of writing, Apple has released security patches for only two of the four: one in iOS 14.7 and the latest in iOS 15.0.2.

The other two zero-day vulnerabilities have yet to be fixed by the Cupertino behemoth, which told the software developer that it was "still investigating."

This article is owned by Tech Times

Written by Teejay Boris
