Apple releases iOS 15.0.2 to fix two zero-day exploits; and fails to credit the researcher who found the vulnerability

Last month, Apple released an emergency update for its iPhones, iPads, Mac computers, and Apple Watches to fix a serious security vulnerability. It's happening again: two more zero-day vulnerabilities have been patched in iOS 15.0.2.
The update fixes an exploit tracked as CVE-2021-30883, a security vulnerability related to the IOMobileFrameBuffer that could allow execution of arbitrary code with kernel privileges. Apple says it has resolved the problem by improving the memory handling of devices.
The other vulnerability that was fixed is called Gamed 0-day. It allowed apps installed from the App Store to access user data such as the Apple ID email and the full name linked to it, the Apple ID authentication token, the file system (which in turn allows access to SMS, Mail, iMessage, and 3rd party messengers), and the user's interactions with contacts, including but not limited to timestamps and attachments.
iOS 15.0.2 and iPadOS 15.0.2 are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).
There's a bit of drama behind the iOS 15.0.2 update. If you go to the Apple Security Update page for the latest patch, you may be surprised to find that the second security exploit that we mentioned above is not listed there. It almost looks like they wanted to keep it quiet, doesn't it? Well, that is exactly what happened.
Bleeping Computer reports that Apple did not credit the researcher who found the 2nd vulnerability. The exploit was discovered by Denis Tokarev, a Russian software developer. If you look back a few months, you may know that the Cupertino-based company patched its operating system quite a few times to address security advisories. Tokarev assisted Apple by sharing his discoveries, and the company included fixes for the exploits he reported in iOS 14.7 and 15.0 (2 issues). When he asked Apple to credit him for his findings, he was instead told to treat the email correspondence as confidential. This is highly unusual and unethical. The Apple Security Bounty Program exists for a reason: to reward security experts who help the company patch vulnerabilities for their contribution to protecting millions of users worldwide.
As a matter of fact, the page for the bounty program states that:
"Apple offers public recognition for those who submit valid reports, and will match donations of the bounty payment to qualifying charities."
And yet, Tokarev was not credited for his findings. Speaking of which, the developer has a GitHub page where he outlines the technical information of the exploit, including a proof of concept.
I wonder what would happen if these white hat hackers became annoyed by such treatment and stopped helping Apple? Imagine the chaos if users' email IDs, names, and logs had been leaked on the dark web. It could prove to be very costly, quite literally.
On a side note, the security vulnerability related to the IOMobileFrameBuffer that was patched in iOS 15.0.2 has been released on GitHub. That's good news, because we can expect a new jailbreak for it.

