iOS 15.0.2 fixes a zero-day vulnerability but Apple hasn't given credit to the researcher who found it

Iphone 12 Pro Ios 15 Notifications (Image credit: Christine Romero-Chan / iMore)

What you need to know

Apple has patched a security flaw with the release of iOS 15.0.2.
Like a previous fix, Apple has not given credit to the researcher that discovered the zero-day flaw.

Apple appears to have fixed a zero-day vulnerability with the release of iOS 15.0.2, but like previous instances, it hasn't given credit to the researcher who discovered the problem and reported it.

Researcher Denis Tokarev has previously had trouble getting Apple to acknowledge security vulnerabilities. Now that Apple is at least fixing the problems he found, it isn't doing a great job of giving him credit.

Seems that they don't have a separate protocol on handling reports which were already disclosed. And if this message contains a legit excuse, they could save a tiny bit of reputation by making it public. But it's up to them, I won't disclose full message until I get credit. 2/3 pic.twitter.com/iG6waUELtkSeems that they don't have a separate protocol on handling reports which were already disclosed. And if this message contains a legit excuse, they could save a tiny bit of reputation by making it public. But it's up to them, I won't disclose full message until I get credit. 2/3 pic.twitter.com/iG6waUELtk— Denis Tokarev 🇷🇺 (@illusionofcha0s) October 13, 2021 October 13, 2021

This follows a similar instance where another flaw was fixed by iOS 14.7 in July, again with Tokarev not being credit. At the time, Apple said that it was a "processing issue" and that credit would be given in a future update.

"Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience."

That didn't happen.

Only Apple knows why it seems so keen not to give this particular researcher credit for finding security holes in its software, but the good news from a user's point of view is that the issue is fixed. However, long term, Apple's stance on first acknowledging and then dealing with the problems before not giving credit for their discovery could well cause researchers not to report bugs in the future.

That's bad for everyone.

Security and privacy have long been some of the best iPhone features that Apple relentlessly markets. Faux pas like this might not help it maintain that stance in the long run.

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too. Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

Latest