September 24, 2021

Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr



Comments

speckz

I don’t understand why Apple is taking so long.

**Timeline:**

**April 29 2021** – I sent a detailed report to Apple

**April 30 2021** – Apple replied that they had reviewed the report and are investigating

**May 20 2021** – I’ve requested a status update from Apple (and received no reply)

**May 30 2021** – I’ve requested a status update from Apple

**June 3 2021** – Apple replied that they plan to address the issue in the upcoming update

**July 19 2021** – iOS 14.7 is released with the fix

**July 20 2021** – I’ve requested a status update from Apple

**July 21 2021** – iOS 14.7 [security contents list is published](https://support.apple.com/en-us/HT212601), this vulnerability is not mentioned

**July 22 2021** – I’ve asked Apple why the vulnerability is not on the list. Same day I received the following reply: **Due to a processing issue, your credit will be included on the security advisories in an upcoming update. We apologize for the inconvenience.**

**July 26 2021** – iOS 14.7.1 [security contents list is published](https://support.apple.com/en-us/HT212623), still no mention of this vulnerability

**September 13 2021** – iOS 14.8 [security contents list is published](https://support.apple.com/en-us/HT212807), still no mention of this vulnerability. Same day I asked for an explanation and informed Apple that I would make all my research public unless I receive a reply soon

**September 20 2021** – iOS 15.0 [security contents list is published](https://support.apple.com/en-us/HT212814), still no mention of this vulnerability

**September 24 2021** – I still haven’t received any reply so I publish this article
