Apple has quietly fixed a zero-day vulnerability in iOS 15.0.2 that could have allowed apps to access sensitive data. Unfortunately, Apple has not officially listed the original discoverer of this vulnerability.
The zero-day vulnerability was discovered by software developer Denis Tokarev seven months before the release of iOS 15.0.2. In September, Tokarev wrote a blog post describing some of his interactions with Apple's Bug Bounty Program, including not being credited for another bug that was fixed. Now he has again not been mentioned by name. According to Bleeping Computer, Tokarev reached out to Apple after the release of iOS 15.0.2 to inquire about the lack of recognition. Apple responded and asked him to keep the contents of their email exchange confidential.
Zero-day vulnerabilities: Security researchers feel ignored by Apple
The vulnerability was an exploitable flaw that could have allowed user-installed apps from the App Store to gain unauthorized access to sensitive data normally protected by sandboxing or transparency, consent, and control mechanisms. According to Apple, these flaws are worth up to $100,000. In total, Tokarev reported four vulnerabilities to Apple. The company fixed one in iOS 14.7 and the second in iOS 15.0.2. Two of the zero-day vulnerabilities remain in the latest version of iOS 15. Apple says they are "still under investigation." This isn't the first time a security researcher has claimed to have been overlooked by Apple's bug bounty program. In September, a report was published detailing complaints from security researchers who were ignored, disregarded, or not paid.




