Apple apologizes to researcher on iOS vulnerabilities


Only last week, security researcher Denis Tokarev claimed that Apple’s iOS has zero-day vulnerabilities which the company has ignored for months despite his complaints. The researcher says that he submitted four zero-day vulnerabilities to Apple between March 10 and May 4. One of those was patched in iOS 14.7, which Apple decided to cover up. Three other security flaws were reported in the released version of iOS 15, and these were ignored in the same way.

“Ten days ago, I asked for an explanation and warned that I would make my research public if I don’t receive an explanation,” Denis said. “My request was ignored so I am doing what I said I would. My actions are in accordance with responsible disclosure guidelines.”


The three vulnerabilities include a flaw that allows Apple store apps to read data like Apple ID credentials and information about a user’s contacts. Another flaw allows any app to check whether any other app is installed on a device, while the third one allows apps with location services permissions to gain access to Wi-Fi information.

Now Apple has responded to the researcher’s claims, saying it is “still investigating” the issues. Apple has also apologized for the delay in its communication with the researcher, citing the ongoing investigation as the reason.

A statement from Apple says, “We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you. We want to let you know that we are still investigating these issues and how we can address them to protect our customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”


Tokarev has also claimed that he was not credited for reporting the one vulnerability that the company did fix (the iOS 14.7 flaw). One cybersecurity expert has accused Apple, saying that its handling of the situation is not normal, while another said that the company responded to Tokarev because of the media coverage and has no intention of actually fixing these flaws.

Meanwhile, Apple’s Head of Security Engineering and Architecture Ivan Krstic says that Apple is planning to introduce new rewards for researchers to expand participation and that Apple is working towards offering better research tools.

Shivangi Agarwal
