iOS 15.0.2 fixes a zero-day vulnerability — doesn’t credit its finder

What you need to know

Apple has patched a security flaw with the release of iOS 15.0.2.
As with a previous fix, Apple has not given credit to the researcher who discovered the zero-day flaw.

Researcher Denis Tokarev has been outspoken about Apple’s security practices of late.

Apple appears to have fixed a zero-day vulnerability with the release of iOS 15.0.2, but as in previous instances, it hasn’t given credit to the researcher who discovered the problem and reported it.

Researcher Denis Tokarev has previously had trouble getting Apple to acknowledge security vulnerabilities. Now that Apple is at least fixing the problems he found, it isn’t doing a great job of giving him credit.

Seems that they don’t have a separate protocol on handling reports which were already disclosed. And if this message contains a legit excuse, they could save a tiny bit of reputation by making it public. But it’s up to them, I won’t disclose full message until I get credit. 2/3

— Denis Tokarev (@illusionofcha0s) October 13, 2021

This follows a similar instance where another flaw was fixed by iOS 14.7 in July, again with Tokarev not being credited. At the time, Apple said that it was a “processing issue” and that credit would be given in a future update.

“Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience.”

That didn’t happen.

Only Apple knows why it seems so keen not to give this particular researcher credit for finding security holes in its software, but the good news from a user’s point of view is that the issue is fixed. However, in the long term, Apple’s pattern of first acknowledging the problems, then fixing them, and then not giving credit for their discovery could well cause researchers not to report bugs in the future.

That’s bad for everyone.

Security and privacy have long been some of the best iPhone features that Apple relentlessly markets. Faux pas like this might not help it maintain that stance in the long run.
