What you need to know
- Apple has patched a security flaw with the release of iOS 15.0.2.
- Like a previous fix, Apple has not given credit to the researcher that discovered the zero-day flaw.
Apple appears to have fixed a zero-day vulnerability with the release of iOS 15.0.2, but like previous instances, it hasn't given credit to the researcher who discovered the problem and reported it.
Researcher Denis Tokarev has previously had trouble getting Apple to acknowledge security vulnerabilities. Now that Apple is at least fixing the problems he found, it isn't doing a great job of giving him credit.
This follows a similar instance where another flaw was fixed by iOS 14.7 in July, again with Tokarev not being credit. At the time, Apple said that it was a "processing issue" and that credit would be given in a future update.
"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience."
That didn't happen.
Only Apple knows why it seems so keen not to give this particular researcher credit for finding security holes in its software, but the good news from a user's point of view is that the issue is fixed. However, long term, Apple's stance on first acknowledging and then dealing with the problems before not giving credit for their discovery could well cause researchers not to report bugs in the future.
That's bad for everyone.
Security and privacy have long been some of the best iPhone features that Apple relentlessly markets. Faux pas like this might not help it maintain that stance in the long run.