Security News > 2021 > October > Apple silently fixes iOS zero-day, asks bug reporter to keep quiet
Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.
In July, Apple also silently patched an 'analyticsd' zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to acknowledge his report in security advisories for an upcoming update.
Apple published multiple security advisories addressing iOS vulnerabilities but, each time, they failed to credit his analyticsd bug report.
"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience," Apple told him when asked why the list of fixed iOS security bugs didn't include his zero-day.
In total, Tokarev found four iOS zero-days and reported them to Apple between March 10 and May 4.
If attackers would successfully exploit the four vulnerabilities on unpatched iOS devices, they could gain access and harvest Apple ID emails, full names, Apple ID authentication tokens, installed apps info, WiFi info, and analytics logs.
News URL
Related news
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) (source)
- Apple Patches Two Zero-Day Attack Vectors (source)