It House, Oct. 2, Apple Inc today pushed iOS/iPadOS 15.0.1 update to iPhone and iPad users, internal version number: (19A348).
IOS 15.0.1 official fixed a Bug unlocked with Apple Watch so that the certified Apple Watch could not unlock the iPhone 13/Pro series when the user was wearing a mask.
Today's update also fixes an error that could cause App to incorrectly display alarms that storage space is full, and resolved an issue that could cause Fitness+ users of Apple Watch to accidentally start training when enabling mindfulness meditation.
According to Apple Insider, Apple Inc's latest iOS 15.0.1 update does not contain patches for three zero-day vulnerabilities that researchers reported to Apple Inc a few months ago and disclosed publicly last week.
In September, security researcher Denis Tokarev (alias illusionofcha0s) claimed that Apple Inc ignored several reports related to newly discovered zero-day vulnerabilities in iOS systems. Tokarev reported four vulnerabilities to Apple Inc between March 10 and May 4. Although one issue was fixed in iOS 14.7, the other three issues are still valid in the latest iOS 15.0.1.
Tokarev acknowledges that the persistent zero-day vulnerability involves a Bug that allows maliciously crafted applications to read users' Apple ID information if they are allowed to enter the app store in some way.
However, Tokarev was uncomfortable with the way Apple Inc handled the disclosure of the report through the loophole reward program, and he wrote a blog post at the end of September detailing his interaction with the tech giant team. According to the researcher, Apple Inc did not list the security issues it fixed in iOS 14.7, nor did it add information about the flaw in subsequent security page updates.
Apple Inc's company saw Tokarev's blog post and apologized again. The company said its team was still investigating the remaining three vulnerabilities as of Sept. 27, but Tokarev last week disclosed them under a standard vulnerability disclosure agreement.
It House learned that earlier this week, researcher Bobby Rauch publicly disclosed an AirTag vulnerability after Apple Inc did not answer basic questions about the vulnerability or whether Rauch would be rewarded for discovering it. The vulnerability allows an attacker to insert code and redirect a well-intentioned person to a malicious web page when the device is scanned in lost mode.