
Apple apologizes to researcher on iOS vulnerabilities


Only last week, security researcher Denis Tokarev claimed that Apple’s iOS has zero-day vulnerabilities, which the company has ignored for months despite his complaints. The researcher says that he submitted four zero-day vulnerabilities to Apple between March 10 and May 4. One of those was patched in iOS 14.7, which Apple decided to cover up. Three other security flaws were reported in the released version of iOS 15, and these were ignored in the same way as the other iOS flaws.

“Ten days ago, I asked for an explanation and warned that I would make my research public if I don’t receive an explanation,” Denis said. “My request was ignored so I am doing what I said I would. My actions are in accordance with responsible disclosure guidelines.”


The three vulnerabilities include a flaw that allows Apple store apps to read data like Apple ID credentials and information about a user’s contacts. Another flaw allows any app to check whether any other app is installed on a device, while the third one allows apps with location services permissions to gain access to Wi-Fi information.

Now Apple has responded to the researcher’s claims, saying it is “still investigating” the issues. Apple has also apologized for the delay in communication with the researcher, citing the ongoing investigation as the reason.

A statement from Apple says, “We saw your blog post regarding this issue and your other reports. We apologize for the delay in responding to you. We want to let you know that we are still investigating these issues and how we can address them to protect our customers. Thank you again for taking the time to report these issues to us, we appreciate your assistance. Please let us know if you have any questions.”


Tokarev has also claimed that he was not credited for reporting the one vulnerability that the company did fix (the iOS 14.7 flaw). One cybersecurity expert has said that Apple’s handling of the situation is not normal, while another said that the company responded to Tokarev because of the media coverage and has no intention of actually fixing these flaws.

Meanwhile, Apple’s Head of Security Engineering and Architecture, Ivan Krstic, says that Apple is planning to introduce new rewards for researchers to expand participation and that the company is working towards offering better research tools.
