Earlier, Apple released the iOS 15.0.1 update that patched the bug that prevented iPhone 13 owners from using the Apple Watch to unlock their device. While the public changelog suggested that this was the only thing that was fixed, it turns out that Apple had also patched a vulnerability that would have allowed users to bypass the lockscreen.
While this is obviously good news, it seems that some in the security researcher community aren’t so thrilled by this. This is because they feel that Apple had failed to credit the discovery of the flaw to researcher Jose Rodriguez who had actually detailed the vulnerability back in September.
— Denis Tokarev (@illusionofcha0s) October 1, 2021
Rodriguez had publicly disclosed the vulnerability by publishing a proof of concept on his YouTube channel showing how the vulnerability worked. According to the researcher, the reason for not informing Apple ahead of time was in hopes that it would shed light on the problems with Apple’s Bug Bounty program.
This is not the first time that Apple was found to have patched security flaws in its software without crediting the researchers who found it. However, it has been suggested that Apple has hired a new team to lead the Bug Bounty program in hopes of reforming it, so hopefully this won’t be an issue in the future.