According to 9to5 Mac, last month, security researcher Denis Tokarev (aka illusionofchaos) shared his experience of reporting three zero-day iOS vulnerabilities to Apple and criticized how Apple was slow to respond, slow to act, and did not patch one of the three reported vulnerabilities in a timely manner. Now it seems that Apple has fixed one of the zero-day vulnerabilities, which was a vulnerability in the iOS 15 system discovered by Denis Tokarev earlier this year, but Apple did not give him a credit or thank him.
In September, Tokarev said that after waiting for as long as half a year to report some vulnerabilities to Apple, he decided to make the information public.
"Ten days ago I asked for an explanation and warned at the time that if I didn't get one, the research would be made public. My request was ignored, so I am doing what I said. My actions are in line with responsible disclosure guidelines (Google Project Zero discloses vulnerabilities within 90 days of reporting to the vendor ZDI). I have waited longer, in one case up to half a year."
In late September, Tokarev shared that he got a response from Apple saying they were still working on the "issues" and apologized for the delays.
In his September blog post, Tokarev detailed a manipulated zero-day vulnerability (1 of 3) that would have allowed any app installed from the App Store to obtain personal user data such as Apple ID email and full name, Apple ID authorization tokens, full file system read access to the Core Duet database, and more.
Now Tokarev says he has discovered that Apple has patched the gaming zero-day vulnerability he discovered in the iOS 15.0.2 security update, but has not credited him.
When the first zero-day vulnerability that Tokarev discovered and reported to Apple was fixed in the official version of iOS 14.7 (July 19), he did not receive a reward, Apple told him.
"Due to processing issues, your reward will be included as a security advisory in an upcoming update. We apologize for the inconvenience."
After patching the second vulnerability in iOS 15.0.2 and attributing it to "an anonymous researcher," Tokarev says Apple did respond to him within six hours, but apparently there was no way to fix the problem of citing him correctly. Meanwhile, Apple still hasn't responded to the compensation for the analyticsd zero-day vulnerability he discovered that was patched in iOS 14.7.
Tokarev was asked to keep Apple's latest emails confidential, and he has complied with that request for now.
Previous article:Xiaomi Mi 11 series pushes MIUI 12.5.13.0 stable version: updates Google September security patch
Next article:Apple Music app is expected to be launched on Sony PS5, players have already seen the icon appear
- Popular Resources
- Popular amplifiers
EL2228CY-T13
- Apple and Samsung reportedly failed to develop ultra-thin high-density batteries, iPhone 17 Air and Galaxy S25 Slim phones became thickerOn November 11, sources Jukanlosreve and yeux1122 revealed that both Apple and Samsung's ultra-thin high-density battery projects had failed. The two companies had previously tried to develop ultra-thin high-density batteries in their iPhones. ...
- Micron will appear at the 2024 CIIE, continue to deepen its presence in the Chinese market and lead sustainable developmentAt this year's CIIE, Micron shared the latest progress of the Xi'an packaging and testing plant expansion project, and shared with relevant partners on the theme of "Talking about Empowerment: Co-promoting Coexistence of Business and Sustainable Development"....
- Qorvo: Innovative technologies lead the next generation of mobile industryAt the 12th China Hard Technology Industry Chain Innovation Trend Summit held recently, Qorvo China Senior Sales Director Jiang Xiong shared Qorvo's technological innovation and market development in the new generation of 5G applications. ...
- BOE exclusively supplies Nubia and Red Magic flagship new products with a new generation of under-screen display technology, leading the industry into the era of true full-screenBOE (BOE Oriental) exclusively supplies Nubia and Red Magic flagship new products. The new generation of under-screen display technology leads the industry into the era of true full-screen. On November 5, BOE (BOE Oriental) joined hands with Nubia, ...
- OPPO and Hong Kong Polytechnic University renew cooperation to upgrade innovation research center and expand new boundaries of AI imagingNovember 4, 2024, Hong Kong, China - OPPO Guangdong Mobile Communications Co., Ltd. (OPPO) and the Hong Kong Polytechnic University (PolyU) held a cooperation renewal ceremony based on the cooperation agreement signed by both parties in 2022. ...
- Gurman: Vision Pro will upgrade the chip, Apple is also considering launching glasses connected to the iPhone
- OnePlus 13 officially released: the first flagship of the new decade is "Super Pro in every aspect"
- Goodix Technology helps iQOO 13 create a new flagship experience for e-sports performance
- BOE's new generation of light-emitting devices empowers iQOO 13 to fully lead the flexible display industry to a new level of performance
- LED chemical incompatibility test to see which chemicals LEDs can be used with
- Application of ARM9 hardware coprocessor on WinCE embedded motherboard
- What are the key points for selecting rotor flowmeter?
- LM317 high power charger circuit
- A brief analysis of Embest's application and development of embedded medical devices
- Single-phase RC protection circuit
- stm32 PVD programmable voltage monitor
- Introduction and measurement of edge trigger and level trigger of 51 single chip microcomputer
- Improved design of Linux system software shell protection technology
- What to do if the ABB robot protection device stops
- CGD and Qorvo to jointly revolutionize motor control solutions
- CGD and Qorvo to jointly revolutionize motor control solutions
- Keysight Technologies FieldFox handheld analyzer with VDI spread spectrum module to achieve millimeter wave analysis function
- Infineon's PASCO2V15 XENSIV PAS CO2 5V Sensor Now Available at Mouser for Accurate CO2 Level Measurement
- Advanced gameplay, Harting takes your PCB board connection to a new level!
- Advanced gameplay, Harting takes your PCB board connection to a new level!
- A new chapter in Great Wall Motors R&D: solid-state battery technology leads the future
- Naxin Micro provides full-scenario GaN driver IC solutions
- Interpreting Huawei’s new solid-state battery patent, will it challenge CATL in 2030?
- Are pure electric/plug-in hybrid vehicles going crazy? A Chinese company has launched the world's first -40℃ dischargeable hybrid battery that is not afraid of cold
- Problems in PCB design
- Please share the installation package of modelsim10.4 or other versions
- ATE1133 audio decoding solution, USB sound card solution, TYPE C audio adapter chip solution
- What kind of LCD screen is suitable for use in a vibration environment
- Baobaobao~~~After the Chinese New Year, what new developments are there in the evaluation industry? Hurry up and take a look at the Evaluation Intelligence Bureau~
- [NUCLEO-L552ZE Review] Small thermometer
- STM3L4R5 driver for hts221 and stts751
- Cytech’s award-winning live broadcast: Let you learn about ADI’s digital health biosensor series live!
- Evaluation Weekly Report 20220406: Germany's PHYTEC's i.MX 8M+ AI board and RTT Renesas high-performance CPK-RA6M4 are here
- Is this post of the study club incomplete? The formula part?
京公网安备 11010802033920号