Security News > 2021 > October > Apple silently fixes iOS zero-day, asks bug reporter to keep quiet
Apple has silently fixed a 'gamed' zero-day vulnerability with the release of iOS 15.0.2, on Monday, a security flaw that could let attackers gain access to sensitive user information.
In July, Apple also silently patched an 'analyticsd' zero-day flaw with the release of 14.7 without crediting Tokarev in the security advisory, instead promising to acknowledge his report in security advisories for an upcoming update.
Apple published multiple security advisories addressing iOS vulnerabilities but, each time, they failed to credit his analyticsd bug report.
"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience," Apple told him when asked why the list of fixed iOS security bugs didn't include his zero-day.
In total, Tokarev found four iOS zero-days and reported them to Apple between March 10 and May 4.
If attackers would successfully exploit the four vulnerabilities on unpatched iOS devices, they could gain access and harvest Apple ID emails, full names, Apple ID authentication tokens, installed apps info, WiFi info, and analytics logs.
News URL
Related news
- Apple fixes two new iOS zero-days exploited in attacks on iPhones (source)
- Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296) (source)
- Urgent: Apple Issues Critical Updates for Actively Exploited Zero-Day Flaws (source)
- Apple's trademark tight lips extend to new iPhone, iPad zero-days (source)