Apple responded to a security researcher who claimed that the company had ignored several of its vulnerability reports, stating that it was “still investigating” the problems.
Earlier in September, security researcher Denis Tokarev wrote a blog post detailing some of his interactions with Apple’s bug bounty program. Tokarev said that, of the four security flaws he submitted to Apple, only one was fixed.
The other three bugs remained unpatched in the released version of iOS 15, Tokarev told Motherboard. In response to his blog post, Apple apologized for the delay in communication and added that it was investigating the problem.
“We have seen your blog on this issue and your other reports. We apologize for the delay in responding,” Apple told Tokarev. “We want to inform you that we are still investigating these issues and how we can resolve them to protect customers. Thank you once again for taking the time to report these issues to us, we appreciate your help. Let us know if you have any questions.”
In addition to the three bugs that Apple is still working on, Tokarev said that he did not receive credit for reporting one vulnerability that the company fixed.
The three unpatched flaws include one that could allow App Store apps to read certain information, such as the Apple ID email, contact lists, and other data. However, Tokarev notes that none of the three critical vulnerabilities has been explained, which may explain Apple’s lag in fixing them. Tokarev reported the flaws between March 10 and May 4, 2021.
At least one cybersecurity expert told Motherboard that Apple’s handling of the situation is not normal, while another said that the company probably responded to Tokarev because of media coverage of the unpatched flaws.
Other security researchers have criticized Apple’s bug bounty program for poor communication and confusion about payouts. Apple, for its part, characterizes the program as a “runaway success.”