Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

by

Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months.

iPhone 13 Security
Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay and said that it is "still investigating" the issues.

"We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you," an Apple employee wrote. "We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions."

Apple did fix one of the vulnerabilities in iOS 14.7, but did not provide Tokarev with credit. Three others remain unaddressed, including a Game Center bug that allegedly allows any app installed from the App Store to access full Apple ID email and name, ‌Apple ID‌ authentication tokens, lists of contacts, and some attachments.

Details on all of the zero-day vulnerabilities have been published publicly by Tokarev, which may prompt Apple to fix them faster.

Tokarev first contacted Apple about these bugs between March 10 and May 4, so Apple has had months to issue patches, but it's worth noting that several security researchers and Tokarev himself have confirmed that the bugs are not highly critical as exploiting them would require a malicious app to first receive ‌App Store‌ approval.

Still, experts have criticized Apple's response and its bug bounty program. Cybersecurity expert Katie Moussouris told Motherboard that Apple's handling of the process is "not normal and should not be considered normal," while researcher Nicholas Ptacek said that Apple's response comes across as a "reaction to bad press."

Earlier this month, The Washington Post interviewed more than two dozen security researchers to expose the flaws in Apple's bug bounty program. Researchers said that Apple is slow to fix bugs and doesn't always pay out what's owed, leading researchers to be unhappy with Apple's program.

At the time, Apple's Head of Security Engineering and Architecture, Ivan Krstić, said that Apple is "planning to introduce new rewards for researchers" to expand participation, and that Apple is working toward offering new and even better research tools.

Tags: Apple Security, Vulnerabiltiies

Popular Stories

iOS 18

Here Are Apple's Full iOS 18.5 Release Notes

Tuesday May 6, 2025 2:17 pm PDT by
Apple today seeded the release candidate version of iOS 18.5 to developers and public beta testers, giving us a look at the final version of the update that will be provided to the public next week. With the release candidate, Apple provided release notes, so we have a more complete look at the new features that are included in the update, including those that weren't found during the beta...
Read Full Article64 comments
siri glow

iPhone Users Now Able to Submit Claims in $95 Million Siri Spying Lawsuit

Wednesday May 7, 2025 11:40 am PDT by
If you owned a Siri-compatible device and had an accidental Siri activation between September 17, 2014 and December 31, 2024, you could be eligible for a payment from Apple as part of a class action lawsuit settlement. Apple in January agreed to pay $95 million to settle a class action lawsuit involving Siri spying accusations, and a website to distribute the funds has now been set up and...
Read Full Article76 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17: What's New With the Cameras

Friday May 2, 2025 3:52 pm PDT by
We've still got months to go before the new iPhone 17 models come out, but a combination of dummy models and leaks have given us some insight into what we can expect in terms of camera changes. Apple is adding new camera features, and changing the design of the camera bump for some models. You might be skeptical of dummy models, but over the years, they've proven to be a highly accurate...
Read Full Article91 comments
iOS 18

Apple Says iOS 18.5 Coming Soon, Here is What's New

Monday May 5, 2025 8:19 am PDT by
In its press release for the new Pride Band today, Apple said that iOS 18.5 is "upcoming," following more than a month of beta testing. We expect the iOS 18.5 Release Candidate to be released this week, and this should be the final beta version, barring any last-minute bugs or changes. The software update should then be released to the general public next week. iOS 18.5 is a relatively...
Read Full Article60 comments
Nineth iOS 19 Feature

iOS 19 Beta is a Month Away With These New Features for Your iPhone

Thursday May 8, 2025 7:37 am PDT by
The first iOS 19 beta is just one month away, and there are already many new features and changes that are expected with it. Apple should seed the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key iOS 19 rumors...
Read Full Article46 comments
Foldable iPhone 2023 Feature Homescreen

Foldable iPhone Said to Have Two Key Advantages

Monday May 5, 2025 6:41 am PDT by
Apple plans to release its first foldable iPhone next year, according to several reporters and analysts who cover the company. In his Power On newsletter today, Bloomberg's Mark Gurman said the foldable iPhone will offer two key advantages over other foldable smartphones. First, he said the foldable iPhone will have a "nearly invisible" crease when unfolded. This means the device's...
Read Full Article181 comments
Foldable iPhone 2023 Feature Homescreen

Apple's Foldable iPhone Display Tech May Set New Industry Standard

Thursday May 8, 2025 3:29 am PDT by
Apple's upcoming foldable iPhone will feature a new type of display panel developed by Samsung that has never been used in a foldable product, claims a source with links to Apple's supply chain. According to the account yeux1122 on the Korean Naver blog, the foldable iPhone will use a custom display process for which Apple will hold branding trademark rights, and that meets Apple's stringent ...
Read Full Article117 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Tuesday April 29, 2025 1:30 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article102 comments

Top Rated Comments

Realityck Avatar
Realityck
47 months ago
No question that Apple needs to greatly improve on their interaction with bug bounty participants.
Score: 35 Votes (Like | Disagree)
code-m Avatar
code-m
47 months ago
Stop creating more issues with your users with CSAM and patch the existing vulnerabilities. I feel CSAM is just another hole to be exploited in the future.
Score: 33 Votes (Like | Disagree)
Mr. Dee Avatar
Mr. Dee
47 months ago
So, to get Apples attention these days you have to use the ‘go to the media whipping belt’.
Score: 22 Votes (Like | Disagree)
MathersMahmood Avatar
MathersMahmood
47 months ago
My gosh not a good week for Tim Apple is it.
Score: 18 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
47 months ago
Looks like Apple was attempting some damage control. No excuse for Apple ignoring someone pointing out important vulnerabilities in the OS.
Score: 15 Votes (Like | Disagree)
6787872 Avatar
6787872
47 months ago
apple has one of, if not the worst bounty programs i've ever seen. i wonder how many vulnerabilities are being sold on the dark web because apple is too cheap. and i don't even blame the hackers. finding these takes a lot of time and skill.

i've been out of it for a while now but untethered jailbreaks used to be worth a million. probably more now.
Score: 13 Votes (Like | Disagree)
Read All Comments