Apple fixes a vulnerability in iOS 15.0.1 that could bypass the lock screen, but points out that it hasn't paid a bug bounty

On October 1, 2021, local time, Apple released iOS 15.0.1. Some bug fixes have been made in iOS 15.0.1, but other bugs not officially mentioned have also been quietly fixed, and this quietly fixed bug has been reported to Apple's bug bounty program. It has been pointed out that it was left unattended without payment of bounties.

About iOS 15 Update-Apple Support (Japan)

Apple patched an iOS lock screen bypass without crediting its discovery | AppleInsider

Regarding iOS 15.0.1 released by Apple on October 1, 2021, Apple mistakenly said 'IPhone 13 model' Unlock iPhone on Apple Watch 'may not work' and 'Settings' App It reports that it has fixed two issues that may cause a 'low free space' warning.

However, in reality, security researcher Jose Rodriguez released it to the public on September 22, 2021, using the VoiceOver function and sharing tools to 'make the iPhone a memo app without unlocking it.' It became clear that the 'vulnerability that makes it accessible' has also been fixed. Rodriguez had reported the vulnerability to Apple before it was released to the public, but the vulnerability remained unfixed and no bounty was paid, so the day after iOS 15 was released. He explained that he decided to make it publicly available.

Immediately after the release, 'iOS 15' discovers a vulnerability that allows access to the contents of memos by bypassing the lock screen --GIGAZINE

Apple has an official page that summarizes security updates, including iPhone 6s and later iPhones, all iPad Pros, iPad Air 2 and later iPad Air, 5th generation iPad and later iPads, iPad mini 4 and later iPad mini, It claims to have fixed a vulnerability affecting the 7th generation iPad touch. It also states that this vulnerability 'this update does not fix the vulnerability registered in CVE'.

Apple Insider, an Apple-related media outlet, reports that what Apple reported as 'fixing an unknown vulnerability' was the vulnerability reported by Rodriguez. It should be noted that, according to AppleInsider known cases that the vulnerability Apple has modified as 'unknown vulnerabilities' is, there is also a before and things.

Some security researchers have criticized Apple's bug bounty program. Rodriguez also criticized Apple's bug bounty program, but it's unclear if that led to this 'fixed as an unknown vulnerability.'

The vulnerability sent to Apple's Bug Bounty Program turned out to be unfixed for half a year, and the discoverer published a zero-day vulnerability as 'disappointed'-GIGAZINE

Security researchers announce three zero-day vulnerabilities in iOS 15 because 'Apple's bug reward program isn't working'-GIGAZINE

in Mobile,   Software,   Security, Posted by logu_ii