Last week, security researcher Denis Tokarev disclosed several zero-day vulnerabilities in iOS after realizing that Apple had ignored his reports for several months. Now the company has apologized.
Tokarev said today opposite Motherboard reports that Apple contacted him after he went public with his complaints and sparked a huge media response. In a personal email, Apple apologized for the delay in contacting him and explained that the company is "still investigating" the issues. It states:
We've seen your blog post about this issue and your other reports. We apologize for the delay in responding. We want you to know that we are still investigating these issues and figuring out how to resolve them to protect our customers. Thanks again for taking the time to report these issues to us, we appreciate your help. Please let us know if you have any further questions.
iOS security vulnerabilities: Apple under pressure
Apple fixed one of the vulnerabilities in iOS 14.7 but did not credit Tokarev. Three other vulnerabilities have not yet been fixed, including a bug in Game Center that allegedly allows any app installed from the App Store to access the full Apple ID email and name details, Apple ID authentication tokens, lists of contacts, and some attachments. This is a particularly severe vulnerability that is present in both iOS 14.8 and iOS 15. Since Tokarev has since released further details on all zero-day vulnerabilities published Apple will probably try to fix the problem as soon as possible. (Photo by blackboard / Bigstockphoto)
