Apple apologizes to researcher after ignoring flaws in iOS 15
Security researcher Denis Tokarev indicated that Apple contacted him regarding the flaws he found in iOS that still haven’t been fixed. He recently criticized Apple’s behavior.
Apple apologizes to security researcher
“We have seen your blog post regarding this issue and your other reports. We apologize for the delay in responding to you,” wrote an Apple employee to the security researcher. “We want to let you know that we are still investigating these issues and how we can resolve them to protect customers. Thank you again for taking the time to report these issues to us, we appreciate your help. Do not hesitate to let us know if you have any questions.”
Denis Tokarev reported four iOS vulnerabilities to Apple. The reports date back to March, and Apple has fixed only one of them, in iOS 14.7. Even then, the job was not done properly, since Apple did not credit the researcher as the author of the discovery.
The other three flaws, which still exist in iOS 15, relate to Game Center (which allows any app installed from the App Store to access users’ email addresses and other information), Apple account authentication tokens, access to contact lists and some attachments.
Reactions from various security researchers
The way Apple is handling the process is “not normal and should not be considered normal,” says Katie Moussouris, cybersecurity expert. For his part, researcher Nicholas Ptacek considers that Apple’s response looks like a “reaction to bad press”. Indeed, the manufacturer reacted and apologized only after articles were published on several sites.
In any case, this is not the first time that Apple’s flaw correction program has been criticized. A few weeks ago, several security researchers reported that Apple was slow to respond and did not always pay what was owed. Apple has since promised that it will make improvements, covering both better rewards and better general management.