IT House News on October 3 Apple pushed the iOS/iPadOS 15.0.1 update to iPhone and iPad users in the early morning of October 2nd, the internal version number: (19A348).
The official version of iOS 15.0.1 fixes a bug of unlocking with Apple Watch. This bug prevents the certified Apple Watch from unlocking the iPhone 13/Pro series when the user is wearing a mask.
IT Home is informed that the update also fixes a bug that may cause the Settings App to incorrectly display a storage full alert, and solves an issue that may cause Fitness+ users of Apple Watch to start training unexpectedly when mindfulness meditation is enabled.
According to Apple Insider reports, Apple fixed the recently discovered iPhone lock screen bypass issue when it released the official version of iOS 15.0.1, but did not publicly acknowledge this vulnerability or reward researchers who discovered it.
In September of this year, researcher Jose Rodriguez detailed an iOS vulnerability that allows attackers to bypass the secure iPhone lock screen and access notes through a combination of VoiceOver and common sharing tools.
Jose Rodriguez posted a proof of concept on his YouTube channel on September 20th, explaining how a user’s notes can be copied and sent to another device. The researcher did not disclose the vulnerability to Apple before making it public. He said at the time that he was “giving away” the vulnerability discovery, hoping to reveal issues related to Apple’s vulnerability bounty program.
As Jose Rodriguez pointed out on Twitter on Friday, Apple’s iOS 15.0.1 version includes a fix for the lock screen bypass. The subsequent release notes showed that Apple did not specify the CVE name, nor did it provide rewards to researchers who discovered the vulnerability. Apple took similar actions last month when quietly fixing a macOS Finder vulnerability.
A report last week showed that researchers criticized Apple’s vulnerability bounty program for a general lack of communication, and there are also problems with the payment of discovered vulnerabilities. Recently, security researchers Denis Tokarev, Bobby Rauch, and Rodriguez also expressed these views, and they all discovered and reported vulnerabilities to Apple.
Ivan Krstic, Apple’s head of security engineering, called the program “very successful” in an interview last month, adding that Apple is collecting feedback as it continues to “expand and improve” the program. He said at the time that Apple worked hard to solve the mistakes and “learned from them and quickly improved the plan.”
Recent reports indicate that Apple has hired a new team leader to reform the bug bounty program.Return to Sohu to see more
Editor:
Disclaimer: The opinions of this article only represent the author himself. Sohu is an information publishing platform. Sohu only provides information storage space services.
.