![](https://webcf.waybackmachine.org/web/20210924104247im_/https://habrastorage.org/getpro/habr/upload_files/5b4/f38/55e/5b4f3855ed7e33970065a5606df6a14b.jpg)
I want to share my frustrating experience participating in Apple Security Bounty program. I've reported four 0-day vulnerabilities this year between March 10 and May 4, as of now three of them are still present in the latest iOS version (15.0) and one was fixed in 14.7, but Apple decided to cover it up and not list it on the security content page. When I confronted them, they apologized, assured me it happened due to a processing issue and promised to list it on the security content page of the next update. There were three releases since then and they broke their promise each time.
Read more to learn the specifics of 0-day vulnerabilities.