Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

by

Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months.

iPhone 13 Security
Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay and said that it is "still investigating" the issues.

"We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you," an Apple employee wrote. "We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions."

Apple did fix one of the vulnerabilities in iOS 14.7, but did not provide Tokarev with credit. Three others remain unaddressed, including a Game Center bug that allegedly allows any app installed from the App Store to access full Apple ID email and name, ‌Apple ID‌ authentication tokens, lists of contacts, and some attachments.

Details on all of the zero-day vulnerabilities have been published publicly by Tokarev, which may prompt Apple to fix them faster.

Tokarev first contacted Apple about these bugs between March 10 and May 4, so Apple has had months to issue patches, but it's worth noting that several security researchers and Tokarev himself have confirmed that the bugs are not highly critical as exploiting them would require a malicious app to first receive ‌App Store‌ approval.

Still, experts have criticized Apple's response and its bug bounty program. Cybersecurity expert Katie Moussouris told Motherboard that Apple's handling of the process is "not normal and should not be considered normal," while researcher Nicholas Ptacek said that Apple's response comes across as a "reaction to bad press."

Earlier this month, The Washington Post interviewed more than two dozen security researchers to expose the flaws in Apple's bug bounty program. Researchers said that Apple is slow to fix bugs and doesn't always pay out what's owed, leading researchers to be unhappy with Apple's program.

At the time, Apple's Head of Security Engineering and Architecture, Ivan Krstić, said that Apple is "planning to introduce new rewards for researchers" to expand participation, and that Apple is working toward offering new and even better research tools.

Tags: Apple Security, Vulnerabiltiies

Popular Stories

iphone 17 pro asherdipps

iPhone 17 Pro Max Rumors Allegedly Refer to 'iPhone 17 Ultra' Model

Friday March 14, 2025 7:56 am PDT by
If you've been following iPhone rumors over the last few years, you may remember reading reports that Apple flirted with the idea of introducing a super high-end "Ultra" model that would either replace its Pro Max device or sit above it in Apple's smartphone hirearchy. These reports appeared in the pre-launch iPhone 15 and iPhone 16 rumor cycles, but ultimately came to nothing. Now though, the...
Read Full Article143 comments
ios 18 4 carplay

Apple Upgrades CarPlay in Two Ways

Wednesday March 12, 2025 6:05 am PDT by
The upcoming iOS 18.4 update for the iPhone includes a smaller but meaningful improvement for Apple's in-car iPhone mirroring system CarPlay. Specifically, CarPlay now shows a third row of icons, up from two rows previously. However, this change is only visible in vehicles with a larger center display. For example, a MacRumors Forums member noticed the change in a Toyota Tundra with a...
Read Full Article55 comments
airpods pro 2 gradient

AirPods Pro 3 Launch Now Just Months Away: Here's What We Know

Tuesday March 11, 2025 3:26 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as excellent for...
Read Full Article48 comments
iPhone 17 Air Size Feature

Ultra-Thin 'iPhone 17 Air' Rumored to Include These 12 Features

Saturday March 15, 2025 10:50 am PDT by
While the so-called "iPhone 17 Air" is not expected to launch until September, there are already plenty of rumors about the ultra-thin device. Overall, the "iPhone 17 Air" sounds like a mixed bag. While the device is expected to have an impressively thin and light design, rumors indicate it will have some compromises compared to iPhone 17 Pro models, including only a single rear camera, a...
Read Full Article118 comments
apple surveyor app

Apple Launches 'Surveyor' App for Apple Maps Data Collection

Friday March 14, 2025 10:38 am PDT by
Apple today launched a new app called Surveyor, which is designed to allow users to collect data like images of street signs and roadside details to improve Apple Maps. The app is not public facing and appears to be for use with companies that Apple partners with to assign mapping tasks. Downloading the app and opening it up directs users to "Open Partner App" to choose a task. Tapping on...
Read Full Article72 comments
Apple Intelligence Comes Under Fire Feature

Apple Reassures Siri Team Members Feeling Disappointed and Embarrassed by Apple Intelligence Delay

Friday March 14, 2025 11:45 am PDT by
Apple is reassuring employees on the Siri team who may be feeling demotivated by the recent Siri delays and the bad press surrounding the company's decisions, reports Bloomberg. In a Siri team meeting, Apple senior director Robby Walker acknowledged that employees might be feeling "angry, disappointed, burned out and embarrassed" following the Siri delay, but he praised the hard work of...
Read Full Article473 comments
iOS 19 visionOS UI Elements

iOS 19 to Have Some of the 'Biggest' Design Changes in iPhone's History

Sunday March 16, 2025 10:35 am PDT by
Apple is planning some of the "biggest iOS and macOS redesigns in its history," according to Bloomberg's Mark Gurman. In his Power On newsletter today, Gurman reiterated that iOS 19 will have a visionOS-like design with more transparent interfaces:The new interfaces will adopt the design principles introduced in visionOS, the software for Apple's Vision Pro headset. That includes greater...
Read Full Article141 comments
Sad Siri Feature

Kuo: Cook Should Personally Address Siri Apple Intelligence Failure

Thursday March 13, 2025 4:02 pm PDT by
Apple made a major misstep with the way that it handled the delay of Apple Intelligence features for Siri, Apple analyst Ming-Chi Kuo said today. Announcing the delay through a press statement was a bad decision, and Apple should instead have gone through official channels. Kuo referenced the well-known "Antennagate" PR crisis when the iPhone 4 launched in 2010, and the way that then Apple...
Read Full Article432 comments
iOS 18

12 New Things Your iPhone Can Do in iOS 18.4

Monday March 10, 2025 9:28 am PDT by
Apple is set to release iOS 18.4 in early April, bringing further refinements to Apple Intelligence features, a neat new capability to iPhone 15 Pro devices, new emoji, and more. While not quite as packed with new features as Apple's preceding iOS 18 point releases, iOS 18.4 still introduces enhancements that aim to make your iPhone smarter and more intuitive. Below, we've listed 12 new...
Read Full Article33 comments

Top Rated Comments

Realityck Avatar
Realityck
45 months ago
No question that Apple needs to greatly improve on their interaction with bug bounty participants.
Score: 35 Votes (Like | Disagree)
code-m Avatar
code-m
45 months ago
Stop creating more issues with your users with CSAM and patch the existing vulnerabilities. I feel CSAM is just another hole to be exploited in the future.
Score: 33 Votes (Like | Disagree)
Mr. Dee Avatar
Mr. Dee
45 months ago
So, to get Apples attention these days you have to use the ‘go to the media whipping belt’.
Score: 22 Votes (Like | Disagree)
MathersMahmood Avatar
MathersMahmood
45 months ago
My gosh not a good week for Tim Apple is it.
Score: 18 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
45 months ago
Looks like Apple was attempting some damage control. No excuse for Apple ignoring someone pointing out important vulnerabilities in the OS.
Score: 15 Votes (Like | Disagree)
6787872 Avatar
6787872
45 months ago
apple has one of, if not the worst bounty programs i've ever seen. i wonder how many vulnerabilities are being sold on the dark web because apple is too cheap. and i don't even blame the hackers. finding these takes a lot of time and skill.

i've been out of it for a while now but untethered jailbreaks used to be worth a million. probably more now.
Score: 13 Votes (Like | Disagree)
Read All Comments