Apple Apologizes to Researcher for Ignoring iOS Vulnerabilities, Says It's 'Still Investigating'

by

Last week, security researcher Denis Tokarev made several zero-day iOS vulnerabilities public after he said that Apple had ignored his reports and had failed to fix the issues for several months.

iPhone 13 Security
Tokarev today told Motherboard that Apple got in touch after he went public with his complaints and after they saw significant media attention. In an email, Apple apologized for the contact delay and said that it is "still investigating" the issues.

"We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you," an Apple employee wrote. "We want to let you know that we are still investigating these issues and how we can address them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions."

Apple did fix one of the vulnerabilities in iOS 14.7, but did not provide Tokarev with credit. Three others remain unaddressed, including a Game Center bug that allegedly allows any app installed from the App Store to access full Apple ID email and name, ‌Apple ID‌ authentication tokens, lists of contacts, and some attachments.

Details on all of the zero-day vulnerabilities have been published publicly by Tokarev, which may prompt Apple to fix them faster.

Tokarev first contacted Apple about these bugs between March 10 and May 4, so Apple has had months to issue patches, but it's worth noting that several security researchers and Tokarev himself have confirmed that the bugs are not highly critical as exploiting them would require a malicious app to first receive ‌App Store‌ approval.

Still, experts have criticized Apple's response and its bug bounty program. Cybersecurity expert Katie Moussouris told Motherboard that Apple's handling of the process is "not normal and should not be considered normal," while researcher Nicholas Ptacek said that Apple's response comes across as a "reaction to bad press."

Earlier this month, The Washington Post interviewed more than two dozen security researchers to expose the flaws in Apple's bug bounty program. Researchers said that Apple is slow to fix bugs and doesn't always pay out what's owed, leading researchers to be unhappy with Apple's program.

At the time, Apple's Head of Security Engineering and Architecture, Ivan Krstić, said that Apple is "planning to introduce new rewards for researchers" to expand participation, and that Apple is working toward offering new and even better research tools.

Tags: Apple Security, Vulnerabiltiies

Top Rated Comments

Realityck Avatar
Realityck
20 months ago
No question that Apple needs to greatly improve on their interaction with bug bounty participants.
Score: 35 Votes (Like | Disagree)
code-m Avatar
code-m
20 months ago
Stop creating more issues with your users with CSAM and patch the existing vulnerabilities. I feel CSAM is just another hole to be exploited in the future.
Score: 33 Votes (Like | Disagree)
Mr. Dee Avatar
Mr. Dee
20 months ago
So, to get Apples attention these days you have to use the ‘go to the media whipping belt’.
Score: 22 Votes (Like | Disagree)
MathersMahmood Avatar
MathersMahmood
20 months ago
My gosh not a good week for Tim Apple is it.
Score: 18 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
20 months ago
Looks like Apple was attempting some damage control. No excuse for Apple ignoring someone pointing out important vulnerabilities in the OS.
Score: 15 Votes (Like | Disagree)
scheinderrob Avatar
scheinderrob
20 months ago
apple has one of, if not the worst bounty programs i've ever seen. i wonder how many vulnerabilities are being sold on the dark web because apple is too cheap. and i don't even blame the hackers. finding these takes a lot of time and skill.

i've been out of it for a while now but untethered jailbreaks used to be worth a million. probably more now.
Score: 13 Votes (Like | Disagree)
Read All Comments

Popular Stories

dynamic island

iPhone 15 Dynamic Island to Include New Integrated Proximity Sensor

Friday March 24, 2023 12:27 am PDT by
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models. According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
Read Full Article72 comments
apple park at night 1

Apple 'Tracking Employee Attendance' in Crackdown on Remote Working

Thursday March 23, 2023 3:41 am PDT by
Apple is tracking the attendance of its employees at offices using badge records in order to ensure they are coming in at least three times a week, according to Platformer's Zoë Schiffer. Since April 2022, Apple employees have been operating on a hybrid home/office work policy as part of a gradual return strategy following the pandemic, with staff required to work from the office at least...
Read Full Article335 comments
iphone 14 pro max deep purple feature purple

iPhone 15 Pro Rumor Recap: 10 New Features and Changes to Expect

Thursday March 23, 2023 6:42 am PDT by
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular. Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
Read Full Article100 comments
maxresdefault

Nothing Launches $149 Ear (2) Wireless Earbuds to Compete With AirPods Pro 2

Wednesday March 22, 2023 9:48 am PDT by
Nothing today announced the launch of its second-generation wireless earbuds, the Nothing Ear (2), which offer many of the same features as Apple's AirPods Pro 2 at a lower price point. We went hands-on with the Ear (2) earbuds to see whether they're a viable alternative to the AirPods Pro 2 for those who want to save some cash. The Ear (2) earbuds are the successor to the Nothing Ear (1),...
Read Full Article92 comments
TMobile Sprint

Apple Stops Allowing Sprint iPhone Activations, Removes Sprint References From Online Store

Thursday March 23, 2023 12:06 pm PDT by
Apple is no longer allowing customers who purchase an iPhone, cellular iPad, or Apple Watch to activate a device with now-defunct mobile carrier Sprint. Apple has also removed remaining references to Sprint from its online store. When checking out with a new purchase, Sprint is no longer an option for connectivity, a change that Apple appears to have implemented today. Prior to now, Sprint...
Read Full Article65 comments
iOS 16

iOS 16.4 for iPhone Nearing Launch With These 5 New Features

Monday March 20, 2023 11:50 am PDT by
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April. iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
Read Full Article
Hero0009

Best Apple Deals of the Week: Samsung's Smart Monitor M8 Gets Massive $250 Discount, Along With Year's Best AirPods Prices

Friday March 24, 2023 10:23 am PDT by
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below. Note: MacRumors is an affiliate partner with some of these ...
Read Full Article12 comments
top stories 25mar2023

Top Stories: iPhone 15 Pro Design Leak, iOS 16.4 Coming Soon, and More

Saturday March 25, 2023 6:00 am PDT by
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware. iOS 16.4 and associated releases are also right around the corner with some new ...
Read Full Article29 comments