Security News > 2021 > October > Apple silently fixes iOS zero-day, asks bug reporter to keep quiet
Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.
In July, Apple also silently patched an 'analyticsd' zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to acknowledge his report in security advisories for an upcoming update.
Apple published multiple security advisories addressing iOS vulnerabilities but, each time, they failed to credit his analyticsd bug report.
"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience," Apple told him when asked why the list of fixed iOS security bugs didn't include his zero-day.
In total, Tokarev found four iOS zero-days and reported them to Apple between March 10 and May 4.
If attackers would successfully exploit the four vulnerabilities on unpatched iOS devices, they could gain access and harvest Apple ID emails, full names, Apple ID authentication tokens, installed apps info, WiFi info, and analytics logs.
News URL
Related news
- Apple Backports Critical Fixes for 3 Recent 0-Days Impacting Older iOS and macOS Devices (source)
- Apple backports zero-day patches to older iPhones and Macs (source)
- Apple Rolls Out iOS 18.4 With New Languages, Emojis & Apple Intelligence in the EU (source)
- Apple fixes two zero-days exploited in targeted iPhone attacks (source)
- Apple Patches Two Actively Exploited iOS Flaws Used in Sophisticated Targeted Attacks (source)
- Apple plugs zero-day holes used in targeted iPhone attacks (CVE-2025-31200, CVE-2025-31201) (source)
- Apple Patches Two Zero-Days Used in ‘Extremely Sophisticated’ Attacks (source)
- ⚡ Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)