Apple 'still investigating' three unpatched security flaws in iOS 15


In early September, security researcher Denis Tokarev wrote a blog post in which he complained about some interactions with Apple's bug bounty program. The incident originated from four security vulnerabilities he submitted to Apple through the Bug Bounty Program. However, after waiting for a long time, he found that only one had been fixed. The latest news is that Apple has responded to the matter, claiming that it is "still investigating" the relevant issues.

Tokarev told Motherboard that three other vulnerabilities were not fixed in the earlier iOS 15 update. Now, Apple has apologized for the delay in communication and added that the company is investigating the issues.

We have seen your blog post and other reports of this issue and apologize for the late response. We want to let you know that we are still investigating these issues and how we are fixing them to protect customers.

Thanks again for taking the time to report these issues to us, and please let us know if we can help you in any way.

However, aside from the three vulnerabilities that Apple is still fixing, Tokarev said he was not credited for reporting the fixed vulnerability.

It is reported that the three unpatched vulnerabilities include a flaw that may cause the App Store application to read certain data including Apple ID, email address, contact list, etc.

However, Tokarev also admitted that the three vulnerabilities he reported between March 10 and May 4, 2021 were not that serious, so it is understandable to a certain extent that Apple did not give them such a high priority.

Finally, despite Apple's claim that its bug bounty program has been "hugely successful," at least one cybersecurity expert told Motherboard that Apple's handling of this situation is somewhat unusual.

Another said that it wasn't until the media exposed the loopholes in the repair department that Apple took the time to respond to Tokarev's questions.
