Apple Fixed Bug Without Crediting Researcher Who Found It


Last Monday (11), Apple released a new version of iOS (15.0.2) to fix some bugs found in the operating system. So far, no problem, right? But what did not please many people is that the company did not give credit to the researcher responsible for finding the flaws, and this is not the first time it has happened.

Last month, researcher Denis Tokarev revealed that he had identified security holes in iOS and had repeatedly notified the company via email, but had gone unanswered for months. The same happened with a zero-day bug that Tokarev identified earlier this year and that was fixed this Monday.

Some updates to Apple’s mobile operating system had flaws found by Tokarev and, in September, after not being credited, he decided to publish the information to reveal the situation.

Bug hunters are not happy

“Due to a processing issue, your credit will be included in the security notices in a future update. We apologize for the inconvenience,” was Apple’s response after the researcher filed his complaint.

On the day of the iOS 15.0.2 update, Tokarev contacted Apple again to try to understand the reason for not being credited. However, the company asked to keep the email exchange confidential.

It’s not just Tokarev’s word against Apple’s: other researchers have reported similar experiences, revealing that Apple silently fixes bugs without giving credit to the researchers who found them. There are even reports of the company not paying promised amounts, or simply not paying anything, in its bug bounty programs.

Between March and May 2021, Tokarev was responsible for finding four relatively serious security vulnerabilities. If the vulnerabilities found were exploited, hackers could easily gain access to the device’s emails, names, tokens, and app information.

