Apple 'still investigating' three unpatched security flaws in iOS 15

In early September, security researcher Denis Tokarev wrote a blog post in which he complained about some interactions with Apple's bug bounty program. The incident originated from four security vulnerabilities submitted to Apple through the Bug Nounty Program. However, after waiting for a long time, he found that only one had been fixed. The latest news is that Apple has responded to the matter, claiming that it is "still investigating" the relevant issues.

[[426391]]

Tokarev told Motherboard that three other vulnerabilities were not fixed in the earlier iOS 15 update. Now, Apple has apologized for the delay in communication and added that the company is investigating the issues.

We have seen your blog post and other reports of this issue and apologize for the late response. We want to let you know that we are still investigating these issues and how we are fixing them to protect customers.

Thanks again for taking the time to report these issues to us, and please let us know if we can help you in any way.

However, aside from the three buildings that Apple is still fixing, Tokarev said he was not credited for reporting the fixed vulnerability.

It is reported that the three unpatched vulnerabilities include a flaw that may cause the App Store application to read certain data including Apple ID, email address, contact list, etc.

However, Tokarev also admitted that the three vulnerabilities he reported between March 10 and May 4, 2021 were not that serious, so it is understandable to a certain extent that Apple did not give them such a high priority.

Finally, despite Apple's claim that its bug bounty program has been "hugely successful," at least one cybersecurity expert told Motherboard that Apple's handling of this situation is somewhat unusual.

Another said that it wasn't until the media exposed the loopholes in the repair department that Apple took the time to respond to Tokarev's questions.