In iOS 15.0.2, Apple fixed a gaming zero-day exploit without crediting the bug hunter again

Last month, cyber security researcher and developer Denis Tokarev went public with three zero-day exploits he discovered in iOS 15 after Apple failed to acknowledge his work and patch the highlighted vulnerabilities. Apple has since fixed one of the three active vulnerabilities in the iOS 15.0.2 update but did not credit Tokarev, and this is not the first time.


Previously, Tokarev reported four zero-day vulnerabilities to the company as part of its Security Bounty program. In the iOS 14.7 update as well, Apple patched an analyticsd exploit found by Tokarev without giving him credit. After the researcher went public, the company apologized for the delayed response, but only superficially.

When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.

Apple quietly fixes a zero-day exploit

On GitHub, Tokarev detailed how any app downloaded on devices running iOS 15 can access the user's Apple ID email and the full name associated with it, the ID authentication token, and much more. He also mentions that the bounty for finding such a bug is $100,000, but it is unclear whether he was rewarded.

On the Apple Security Bounty Program page this vulnerability is evaluated at $100,000 (Broad app access to sensitive data normally protected by a TCC prompt or the platform sandbox. “Sensitive data” access includes gaining a broad access (i.e., the full database) from Contacts).

Like last time, the frustrated researcher is being given the silent treatment by the company.

Furthermore, on the issue of zero-day exploits, the other two iOS 15 vulnerabilities found by the researcher are still unpatched.

  • Nehelper Wifi Info 0-day: XPC endpoint com.apple.nehelper accepts user-supplied parameter sdk-version, and if its value is less than or equal to 524288, com.apple.developer.networking.wifi-info entitlement check is skipped. This makes it possible for any qualifying app (e.g. possessing location access authorization) to gain access to Wifi information without the required entitlement.
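
The logic flaw described in the item above, reduced to a small C model beside a hardened form of the same gate. This is an added example, not Apple's or Tokarev's code; the struct, the function names and the way location authorization is modelled are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LEGACY_SDK_MAX 524288u  /* threshold quoted in the write-up */

/* Constructed model of one request as the service sees it (hypothetical type). */
struct wifi_info_request {
    uint32_t sdk_version;       /* read from the message: caller-controlled */
    bool has_wifi_entitlement;  /* established by the service from the caller's signature */
    bool has_location_auth;     /* established by the service from the user's consent */
};

/* Flawed gate as described: a caller-supplied value decides whether the
 * entitlement check runs at all. */
bool allow_wifi_info_flawed(const struct wifi_info_request *r)
{
    if (!r->has_location_auth)
        return false;
    if (r->sdk_version <= LEGACY_SDK_MAX)
        return true;            /* entitlement check skipped */
    return r->has_wifi_entitlement;
}

/* Hardened gate: the decision depends only on facts the service established
 * itself. sdk_version may still shape the reply, never the authorization. */
bool allow_wifi_info_hardened(const struct wifi_info_request *r)
{
    return r->has_location_auth && r->has_wifi_entitlement;
}

int main(void)
{
    /* Constructed cases: an unentitled caller reporting an old SDK, the same
     * caller reporting a newer SDK, and a properly entitled caller. */
    const struct wifi_info_request cases[] = {
        { 524288u, false, true },
        { 524289u, false, true },
        { 524289u, true,  true },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("sdk=%u entitled=%d flawed=%d hardened=%d\n",
               (unsigned)cases[i].sdk_version, cases[i].has_wifi_entitlement,
               allow_wifi_info_flawed(&cases[i]),
               allow_wifi_info_hardened(&cases[i]));
    return 0;
}
```

The first case is the only one where the two gates disagree, which is the gap a reviewer should look for whenever a compatibility field sent by the client sits in front of an authorization check.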
