It seems that Apple has silently resolved the iOS Zero-Day vulnerability or exploit without giving credit to the researcher publicly. With the release of the iOS 15.0.2 version on Monday, October 11, 2021, Apple has fixed the particular security risk that could allow attackers to access user data from iPhone easily. Denis Tokarev has reported the flaw a couple of months before iOS 15.0.2 was announced officially.
Now, Apple is facing criticism for not giving required credit to the bug reporter or researcher who has informed about it. Although the company has responded to the researcher’s email quite lately and thanked the person, a proper credit was required. After waiting for some time, Tokarev has mentioned a zero-day flaw in the September blog of his post publicly that a gamed zero-day flaw could allow any app that has been installed from the Apple App Store to gain access to personal user data such as Apple ID email, full name, Apple ID auth token, complete file system read access to the Core Duet database, etc.
Well, Apple has resolved that gamed zero-day exploit in the iOS 15.0.2 security update according to Tokarev but didn’t credit him officially. Back on July 19, when Tokarev found the first zero-day flaw in iOS and reported it to Apple and he wasn’t credited too at that time that has been fixed in the iOS 14.7 security patch update.
Apple has told him that “Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience.” Apple has also requested Tokarev to keep all of this information confidential in the email replies.